]> git.ipfire.org Git - people/pmueller/ipfire-2.x.git/blame - src/patches/backports-4.2.6-1-grsecurity.patch
update Tor to 0.3.5.8
23588859
AF
1diff -Naur backports-4.2.6-1.org/drivers/bluetooth/btwilink.c backports-4.2.6-1/drivers/bluetooth/btwilink.c
2--- backports-4.2.6-1.org/drivers/bluetooth/btwilink.c 2015-11-15 22:19:40.000000000 +0100
3+++ backports-4.2.6-1/drivers/bluetooth/btwilink.c 2016-01-27 12:26:16.319959957 +0100
91e56a59
AF
4@@ -288,7 +288,7 @@
5
6 static int bt_ti_probe(struct platform_device *pdev)
7 {
8- static struct ti_st *hst;
9+ struct ti_st *hst;
10 struct hci_dev *hdev;
11 int err;
12
23588859
AF
13diff -Naur backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c
14--- backports-4.2.6-1.org/drivers/media/dvb-core/dvbdev.c 2015-11-15 22:19:39.000000000 +0100
15+++ backports-4.2.6-1/drivers/media/dvb-core/dvbdev.c 2016-01-27 12:26:21.266626324 +0100
16@@ -272,7 +272,7 @@
91e56a59
AF
17 const struct dvb_device *template, void *priv, int type)
18 {
19 struct dvb_device *dvbdev;
20- struct file_operations *dvbdevfops;
21+ file_operations_no_const *dvbdevfops;
22 struct device *clsdev;
23 int minor;
24 int id;
23588859
AF
25diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h
26--- backports-4.2.6-1.org/drivers/media/dvb-frontends/af9033.h 2015-11-15 22:19:38.000000000 +0100
27+++ backports-4.2.6-1/drivers/media/dvb-frontends/af9033.h 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
28@@ -96,6 +96,6 @@
29 int (*pid_filter_ctrl)(struct dvb_frontend *fe, int onoff);
30 int (*pid_filter)(struct dvb_frontend *fe, int index, u16 pid,
31 int onoff);
32-};
33+} __no_const;
34
35 #endif /* AF9033_H */
23588859
AF
36diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h
37--- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib3000.h 2015-11-15 22:19:38.000000000 +0100
38+++ backports-4.2.6-1/drivers/media/dvb-frontends/dib3000.h 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
39@@ -39,7 +39,7 @@
40 int (*fifo_ctrl)(struct dvb_frontend *fe, int onoff);
41 int (*pid_ctrl)(struct dvb_frontend *fe, int index, int pid, int onoff);
42 int (*tuner_pass_ctrl)(struct dvb_frontend *fe, int onoff, u8 pll_ctrl);
43-};
44+} __no_const;
45
23588859 46 #if IS_REACHABLE(CPTCFG_DVB_DIB3000MB)
91e56a59 47 extern struct dvb_frontend* dib3000mb_attach(const struct dib3000_config* config,
23588859
AF
48diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h
49--- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib7000p.h 2015-11-15 22:19:38.000000000 +0100
50+++ backports-4.2.6-1/drivers/media/dvb-frontends/dib7000p.h 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
51@@ -64,7 +64,7 @@
52 int (*get_adc_power)(struct dvb_frontend *fe);
53 int (*slave_reset)(struct dvb_frontend *fe);
54 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib7000p_config *cfg);
55-};
56+} __no_const;
57
23588859 58 #if IS_REACHABLE(CPTCFG_DVB_DIB7000P)
91e56a59 59 void *dib7000p_attach(struct dib7000p_ops *ops);
23588859
AF
60diff -Naur backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h
61--- backports-4.2.6-1.org/drivers/media/dvb-frontends/dib8000.h 2015-11-15 22:19:38.000000000 +0100
62+++ backports-4.2.6-1/drivers/media/dvb-frontends/dib8000.h 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
63@@ -61,7 +61,7 @@
64 int (*pid_filter_ctrl)(struct dvb_frontend *fe, u8 onoff);
65 int (*pid_filter)(struct dvb_frontend *fe, u8 id, u16 pid, u8 onoff);
66 struct dvb_frontend *(*init)(struct i2c_adapter *i2c_adap, u8 i2c_addr, struct dib8000_config *cfg);
67-};
68+} __no_const;
69
23588859 70 #if IS_REACHABLE(CPTCFG_DVB_DIB8000)
91e56a59 71 void *dib8000_attach(struct dib8000_ops *ops);
23588859
AF
72diff -Naur backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c
73--- backports-4.2.6-1.org/drivers/media/pci/cx88/cx88-video.c 2015-11-15 22:19:38.000000000 +0100
74+++ backports-4.2.6-1/drivers/media/pci/cx88/cx88-video.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
75@@ -50,9 +50,9 @@
76
77 /* ------------------------------------------------------------------ */
78
79-static unsigned int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
80-static unsigned int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
81-static unsigned int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
82+static int video_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
83+static int vbi_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
84+static int radio_nr[] = {[0 ... (CX88_MAXBOARDS - 1)] = UNSET };
85
86 module_param_array(video_nr, int, NULL, 0444);
87 module_param_array(vbi_nr, int, NULL, 0444);
23588859
AF
88diff -Naur backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c
89--- backports-4.2.6-1.org/drivers/media/pci/ivtv/ivtv-driver.c 2015-11-15 22:19:38.000000000 +0100
90+++ backports-4.2.6-1/drivers/media/pci/ivtv/ivtv-driver.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
91@@ -83,7 +83,7 @@
92 MODULE_DEVICE_TABLE(pci,ivtv_pci_tbl);
93
94 /* ivtv instance counter */
95-static atomic_t ivtv_instance = ATOMIC_INIT(0);
96+static atomic_unchecked_t ivtv_instance = ATOMIC_INIT(0);
97
98 /* Parameter declarations */
99 static int cardtype[IVTV_MAX_CARDS];
23588859
AF
100diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c
101--- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-core.c 2015-11-15 22:19:38.000000000 +0100
102+++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-core.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
103@@ -424,7 +424,7 @@
104
105 static int solo_sysfs_init(struct solo_dev *solo_dev)
106 {
107- struct bin_attribute *sdram_attr = &solo_dev->sdram_attr;
108+ bin_attribute_no_const *sdram_attr = &solo_dev->sdram_attr;
109 struct device *dev = &solo_dev->dev;
110 const char *driver;
111 int i;
23588859
AF
112diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c
113--- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-g723.c 2015-11-15 22:19:38.000000000 +0100
114+++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-g723.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
115@@ -351,7 +351,7 @@
116
117 int solo_g723_init(struct solo_dev *solo_dev)
118 {
119- static struct snd_device_ops ops = { NULL };
120+ static struct snd_device_ops ops = { };
121 struct snd_card *card;
122 struct snd_kcontrol_new kctl;
123 char name[32];
23588859
AF
124diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h
125--- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10.h 2015-11-15 22:19:38.000000000 +0100
126+++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10.h 2016-01-27 12:26:21.266626324 +0100
127@@ -218,7 +218,7 @@
91e56a59
AF
128
129 /* P2M DMA Engine */
130 struct solo_p2m_dev p2m_dev[SOLO_NR_P2M];
131- atomic_t p2m_count;
132+ atomic_unchecked_t p2m_count;
133 int p2m_jiffies;
134 unsigned int p2m_timeouts;
135
23588859
AF
136diff -Naur backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c
137--- backports-4.2.6-1.org/drivers/media/pci/solo6x10/solo6x10-p2m.c 2015-11-15 22:19:38.000000000 +0100
138+++ backports-4.2.6-1/drivers/media/pci/solo6x10/solo6x10-p2m.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
139@@ -73,7 +73,7 @@
140
141 /* Get next ID. According to Softlogic, 6110 has problems on !=0 P2M */
142 if (solo_dev->type != SOLO_DEV_6110 && multi_p2m) {
143- p2m_id = atomic_inc_return(&solo_dev->p2m_count) % SOLO_NR_P2M;
144+ p2m_id = atomic_inc_return_unchecked(&solo_dev->p2m_count) % SOLO_NR_P2M;
145 if (p2m_id < 0)
146 p2m_id = -p2m_id;
147 }
23588859
AF
148diff -Naur backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c
149--- backports-4.2.6-1.org/drivers/media/pci/tw68/tw68-core.c 2015-11-15 22:19:38.000000000 +0100
150+++ backports-4.2.6-1/drivers/media/pci/tw68/tw68-core.c 2016-01-27 12:26:21.266626324 +0100
151@@ -60,7 +60,7 @@
152 module_param_array(card, int, NULL, 0444);
153 MODULE_PARM_DESC(card, "card type");
154
155-static atomic_t tw68_instance = ATOMIC_INIT(0);
156+static atomic_unchecked_t tw68_instance = ATOMIC_INIT(0);
157
158 /* ------------------------------------------------------------------ */
159
160diff -Naur backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c
161--- backports-4.2.6-1.org/drivers/media/platform/omap/omap_vout.c 2015-11-15 22:19:38.000000000 +0100
162+++ backports-4.2.6-1/drivers/media/platform/omap/omap_vout.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
163@@ -63,7 +63,6 @@
164 OMAP_VIDEO2,
165 };
166
167-static struct videobuf_queue_ops video_vbq_ops;
168 /* Variables configurable through module params*/
169 static u32 video1_numbuffers = 3;
170 static u32 video2_numbuffers = 3;
23588859 171@@ -1008,6 +1007,12 @@
91e56a59
AF
172 {
173 struct videobuf_queue *q;
174 struct omap_vout_device *vout = NULL;
175+ static struct videobuf_queue_ops video_vbq_ops = {
176+ .buf_setup = omap_vout_buffer_setup,
177+ .buf_prepare = omap_vout_buffer_prepare,
178+ .buf_release = omap_vout_buffer_release,
179+ .buf_queue = omap_vout_buffer_queue,
180+ };
181
182 vout = video_drvdata(file);
183 v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, "Entering %s\n", __func__);
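Review bot: The function-local `video_vbq_ops` added here is never written after its initializer, so it can be declared `static const struct videobuf_queue_ops video_vbq_ops = {` instead of being left writable. That keeps the callback table in read-only data without depending on a compiler plugin to constify it. It assumes `videobuf_queue_dma_contig_init()` accepts a const ops pointer, which this patch does not show and should be confirmed. The enclosing function starts and ends outside the hunk.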
23588859 184@@ -1025,10 +1030,6 @@
91e56a59
AF
185 vout->type = V4L2_BUF_TYPE_VIDEO_OUTPUT;
186
187 q = &vout->vbq;
188- video_vbq_ops.buf_setup = omap_vout_buffer_setup;
189- video_vbq_ops.buf_prepare = omap_vout_buffer_prepare;
190- video_vbq_ops.buf_release = omap_vout_buffer_release;
191- video_vbq_ops.buf_queue = omap_vout_buffer_queue;
192 spin_lock_init(&vout->vbq_lock);
193
194 videobuf_queue_dma_contig_init(q, &video_vbq_ops, q->dev,
23588859
AF
195diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c
196--- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2015-11-15 22:19:38.000000000 +0100
197+++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_grp_layer.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
198@@ -235,7 +235,7 @@
199 {
200 struct mxr_layer *layer;
201 int ret;
202- struct mxr_layer_ops ops = {
203+ static struct mxr_layer_ops ops = {
204 .release = mxr_graph_layer_release,
205 .buffer_set = mxr_graph_buffer_set,
206 .stream_set = mxr_graph_stream_set,
23588859
AF
207diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h
208--- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer.h 2015-11-15 22:19:38.000000000 +0100
209+++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer.h 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
210@@ -156,7 +156,7 @@
211 /** layer index (unique identifier) */
212 int idx;
213 /** callbacks for layer methods */
214- struct mxr_layer_ops ops;
215+ struct mxr_layer_ops *ops;
216 /** format array */
217 const struct mxr_format **fmt_array;
218 /** size of format array */
23588859
AF
219diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c
220--- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_reg.c 2015-11-15 22:19:38.000000000 +0100
221+++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_reg.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
222@@ -276,7 +276,7 @@
223 layer->update_buf = next;
224 }
225
226- layer->ops.buffer_set(layer, layer->update_buf);
227+ layer->ops->buffer_set(layer, layer->update_buf);
228
229 if (done && done != layer->shadow_buf)
230 vb2_buffer_done(&done->vb, VB2_BUF_STATE_DONE);
23588859
AF
231diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c
232--- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_video.c 2015-11-15 22:19:38.000000000 +0100
233+++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_video.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
234@@ -210,7 +210,7 @@
235 layer->geo.src.height = layer->geo.src.full_height;
236
237 mxr_geometry_dump(mdev, &layer->geo);
238- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
239+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
240 mxr_geometry_dump(mdev, &layer->geo);
241 }
242
243@@ -228,7 +228,7 @@
244 layer->geo.dst.full_width = mbus_fmt.width;
245 layer->geo.dst.full_height = mbus_fmt.height;
246 layer->geo.dst.field = mbus_fmt.field;
247- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
248+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SINK, 0);
249
250 mxr_geometry_dump(mdev, &layer->geo);
251 }
252@@ -334,7 +334,7 @@
253 /* set source size to highest accepted value */
254 geo->src.full_width = max(geo->dst.full_width, pix->width);
255 geo->src.full_height = max(geo->dst.full_height, pix->height);
256- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
257+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
258 mxr_geometry_dump(mdev, &layer->geo);
259 /* set cropping to total visible screen */
260 geo->src.width = pix->width;
261@@ -342,12 +342,12 @@
262 geo->src.x_offset = 0;
263 geo->src.y_offset = 0;
264 /* assure consistency of geometry */
265- layer->ops.fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
266+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_CROP, MXR_NO_OFFSET);
267 mxr_geometry_dump(mdev, &layer->geo);
268 /* set full size to lowest possible value */
269 geo->src.full_width = 0;
270 geo->src.full_height = 0;
271- layer->ops.fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
272+ layer->ops->fix_geometry(layer, MXR_GEOMETRY_SOURCE, 0);
273 mxr_geometry_dump(mdev, &layer->geo);
274
275 /* returning results */
276@@ -474,7 +474,7 @@
277 target->width = s->r.width;
278 target->height = s->r.height;
279
280- layer->ops.fix_geometry(layer, stage, s->flags);
281+ layer->ops->fix_geometry(layer, stage, s->flags);
282
283 /* retrieve update selection rectangle */
284 res.left = target->x_offset;
23588859 285@@ -938,13 +938,13 @@
91e56a59
AF
286 mxr_output_get(mdev);
287
288 mxr_layer_update_output(layer);
289- layer->ops.format_set(layer);
290+ layer->ops->format_set(layer);
291 /* enabling layer in hardware */
292 spin_lock_irqsave(&layer->enq_slock, flags);
293 layer->state = MXR_LAYER_STREAMING;
294 spin_unlock_irqrestore(&layer->enq_slock, flags);
295
296- layer->ops.stream_set(layer, MXR_ENABLE);
297+ layer->ops->stream_set(layer, MXR_ENABLE);
298 mxr_streamer_get(mdev);
299
300 return 0;
23588859 301@@ -1014,7 +1014,7 @@
91e56a59
AF
302 spin_unlock_irqrestore(&layer->enq_slock, flags);
303
304 /* disabling layer in hardware */
305- layer->ops.stream_set(layer, MXR_DISABLE);
306+ layer->ops->stream_set(layer, MXR_DISABLE);
307 /* remove one streamer */
308 mxr_streamer_put(mdev);
309 /* allow changes in output configuration */
23588859 310@@ -1052,8 +1052,8 @@
91e56a59
AF
311
312 void mxr_layer_release(struct mxr_layer *layer)
313 {
314- if (layer->ops.release)
315- layer->ops.release(layer);
316+ if (layer->ops->release)
317+ layer->ops->release(layer);
318 }
319
320 void mxr_base_layer_release(struct mxr_layer *layer)
23588859 321@@ -1079,7 +1079,7 @@
91e56a59
AF
322
323 layer->mdev = mdev;
324 layer->idx = idx;
325- layer->ops = *ops;
326+ layer->ops = ops;
327
328 spin_lock_init(&layer->enq_slock);
329 INIT_LIST_HEAD(&layer->enq_list);
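Review bot: `layer->ops = ops;` now stores the caller's pointer instead of a copy, so the ops table has to outlive the layer, and nothing in the code states that. The two callers changed in this patch (mixer_grp_layer.c and mixer_vp_layer.c) make their `ops` static, but a later caller passing a stack struct would leave `layer->ops` dangling once that caller returns. Declaring the field in mixer.h as `const struct mxr_layer_ops *ops;` and adding `/* ops must have static storage duration: the pointer is stored, not copied */` above this assignment would record the contract. The enclosing function starts and ends outside the hunk.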
23588859
AF
330diff -Naur backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c
331--- backports-4.2.6-1.org/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2015-11-15 22:19:38.000000000 +0100
332+++ backports-4.2.6-1/drivers/media/platform/s5p-tv/mixer_vp_layer.c 2016-01-27 12:26:21.266626324 +0100
91e56a59
AF
333@@ -206,7 +206,7 @@
334 {
335 struct mxr_layer *layer;
336 int ret;
337- struct mxr_layer_ops ops = {
338+ static struct mxr_layer_ops ops = {
339 .release = mxr_vp_layer_release,
340 .buffer_set = mxr_vp_buffer_set,
341 .stream_set = mxr_vp_stream_set,
23588859
AF
342diff -Naur backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c
343--- backports-4.2.6-1.org/drivers/media/platform/vivid/vivid-osd.c 2015-11-15 22:19:38.000000000 +0100
344+++ backports-4.2.6-1/drivers/media/platform/vivid/vivid-osd.c 2016-01-27 12:26:21.269959657 +0100
345@@ -85,6 +85,7 @@
346 case FBIOGET_VBLANK: {
347 struct fb_vblank vblank;
348
349+ memset(&vblank, 0, sizeof(vblank));
350 vblank.flags = FB_VBLANK_HAVE_COUNT | FB_VBLANK_HAVE_VCOUNT |
351 FB_VBLANK_HAVE_VSYNC;
352 vblank.count = 0;
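Review bot: The added `memset(&vblank, 0, sizeof(vblank));` carries no comment, and the field assignments right after it make it look redundant. If `vblank` is copied to user space further down (the copy is outside this hunk), the memset is what keeps unassigned fields and padding from carrying stale kernel stack bytes. A comment such as `/* clear reserved fields and padding before the struct is copied out */` would stop it being removed later as dead code. The case body continues past the hunk.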
353diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c backports-4.2.6-1/drivers/media/radio/radio-cadet.c
354--- backports-4.2.6-1.org/drivers/media/radio/radio-cadet.c 2015-11-15 22:19:38.000000000 +0100
355+++ backports-4.2.6-1/drivers/media/radio/radio-cadet.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
356@@ -333,6 +333,8 @@
357 unsigned char readbuf[RDS_BUFFER];
358 int i = 0;
359
360+ if (count > RDS_BUFFER)
361+ return -EFAULT;
362 mutex_lock(&dev->lock);
363 if (dev->rdsstat == 0)
364 cadet_start_rds(dev);
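Review bot: The new guard `if (count > RDS_BUFFER) return -EFAULT;` fails any read whose requested length exceeds the bounce buffer, where a caller would normally get a short read, and -EFAULT reports a bad user address, which is not what happened. Clamping keeps `readbuf` bounded without rejecting the call: `if (count > RDS_BUFFER) count = RDS_BUFFER;`. This assumes `count` is what bounds the fill loop, which is only partly visible in the next hunk. The `i > sizeof(readbuf)` test added in that next hunk runs after `readbuf` has already been written, so it detects an overrun but does not prevent one, and the bound on `count` should stay the primary check.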
365@@ -349,8 +351,9 @@
366 readbuf[i++] = dev->rdsbuf[dev->rdsout++];
367 mutex_unlock(&dev->lock);
368
369- if (i && copy_to_user(data, readbuf, i))
370- return -EFAULT;
371+ if (i > sizeof(readbuf) || (i && copy_to_user(data, readbuf, i)))
372+ i = -EFAULT;
373+
374 return i;
375 }
376
23588859
AF
377diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c
378--- backports-4.2.6-1.org/drivers/media/radio/radio-maxiradio.c 2015-11-15 22:19:38.000000000 +0100
379+++ backports-4.2.6-1/drivers/media/radio/radio-maxiradio.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
380@@ -61,7 +61,7 @@
381 /* TEA5757 pin mappings */
382 static const int clk = 1, data = 2, wren = 4, mo_st = 8, power = 16;
383
384-static atomic_t maxiradio_instance = ATOMIC_INIT(0);
385+static atomic_unchecked_t maxiradio_instance = ATOMIC_INIT(0);
386
387 #define PCI_VENDOR_ID_GUILLEMOT 0x5046
388 #define PCI_DEVICE_ID_GUILLEMOT_MAXIRADIO 0x1001
23588859
AF
389diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c backports-4.2.6-1/drivers/media/radio/radio-shark2.c
390--- backports-4.2.6-1.org/drivers/media/radio/radio-shark2.c 2015-11-15 22:19:38.000000000 +0100
391+++ backports-4.2.6-1/drivers/media/radio/radio-shark2.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
392@@ -74,7 +74,7 @@
393 u8 *transfer_buffer;
394 };
395
396-static atomic_t shark_instance = ATOMIC_INIT(0);
397+static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
398
399 static int shark_write_reg(struct radio_tea5777 *tea, u64 reg)
400 {
23588859
AF
401diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-shark.c backports-4.2.6-1/drivers/media/radio/radio-shark.c
402--- backports-4.2.6-1.org/drivers/media/radio/radio-shark.c 2015-11-15 22:19:38.000000000 +0100
403+++ backports-4.2.6-1/drivers/media/radio/radio-shark.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
404@@ -79,7 +79,7 @@
405 u32 last_val;
406 };
407
408-static atomic_t shark_instance = ATOMIC_INIT(0);
409+static atomic_unchecked_t shark_instance = ATOMIC_INIT(0);
410
411 static void shark_write_val(struct snd_tea575x *tea, u32 val)
412 {
23588859
AF
413diff -Naur backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c backports-4.2.6-1/drivers/media/radio/radio-si476x.c
414--- backports-4.2.6-1.org/drivers/media/radio/radio-si476x.c 2015-11-15 22:19:38.000000000 +0100
415+++ backports-4.2.6-1/drivers/media/radio/radio-si476x.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
416@@ -1445,7 +1445,7 @@
417 struct si476x_radio *radio;
418 struct v4l2_ctrl *ctrl;
419
420- static atomic_t instance = ATOMIC_INIT(0);
421+ static atomic_unchecked_t instance = ATOMIC_INIT(0);
422
423 radio = devm_kzalloc(&pdev->dev, sizeof(*radio), GFP_KERNEL);
424 if (!radio)
23588859
AF
425diff -Naur backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c
426--- backports-4.2.6-1.org/drivers/media/radio/wl128x/fmdrv_common.c 2015-11-15 22:19:38.000000000 +0100
427+++ backports-4.2.6-1/drivers/media/radio/wl128x/fmdrv_common.c 2016-01-27 12:26:21.269959657 +0100
428@@ -71,7 +71,7 @@
429 MODULE_PARM_DESC(rds_buf, "RDS buffer entries");
430
431 /* Radio Nr */
432-static u32 radio_nr = -1;
433+static int radio_nr = -1;
434 module_param(radio_nr, int, 0444);
435 MODULE_PARM_DESC(radio_nr, "Radio Nr");
436
437diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c
438--- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-core.c 2015-11-15 22:19:39.000000000 +0100
439+++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-core.c 2016-01-27 12:26:21.269959657 +0100
91e56a59
AF
440@@ -50,29 +50,73 @@
441
442 static int cinergyt2_streaming_ctrl(struct dvb_usb_adapter *adap, int enable)
443 {
444- char buf[] = { CINERGYT2_EP1_CONTROL_STREAM_TRANSFER, enable ? 1 : 0 };
445- char result[64];
446- return dvb_usb_generic_rw(adap->dev, buf, sizeof(buf), result,
447- sizeof(result), 0);
448+ char *buf;
449+ char *result;
450+ int retval;
451+
452+ buf = kmalloc(2, GFP_KERNEL);
453+ if (buf == NULL)
454+ return -ENOMEM;
455+ result = kmalloc(64, GFP_KERNEL);
456+ if (result == NULL) {
457+ kfree(buf);
458+ return -ENOMEM;
459+ }
460+
461+ buf[0] = CINERGYT2_EP1_CONTROL_STREAM_TRANSFER;
462+ buf[1] = enable ? 1 : 0;
463+
464+ retval = dvb_usb_generic_rw(adap->dev, buf, 2, result, 64, 0);
465+
466+ kfree(buf);
467+ kfree(result);
468+ return retval;
469 }
470
471 static int cinergyt2_power_ctrl(struct dvb_usb_device *d, int enable)
472 {
473- char buf[] = { CINERGYT2_EP1_SLEEP_MODE, enable ? 0 : 1 };
474- char state[3];
475- return dvb_usb_generic_rw(d, buf, sizeof(buf), state, sizeof(state), 0);
476+ char *buf;
477+ char *state;
478+ int retval;
479+
480+ buf = kmalloc(2, GFP_KERNEL);
481+ if (buf == NULL)
482+ return -ENOMEM;
483+ state = kmalloc(3, GFP_KERNEL);
484+ if (state == NULL) {
485+ kfree(buf);
486+ return -ENOMEM;
487+ }
488+
489+ buf[0] = CINERGYT2_EP1_SLEEP_MODE;
490+ buf[1] = enable ? 1 : 0;
491+
492+ retval = dvb_usb_generic_rw(d, buf, 2, state, 3, 0);
493+
494+ kfree(buf);
495+ kfree(state);
496+ return retval;
497 }
498
499 static int cinergyt2_frontend_attach(struct dvb_usb_adapter *adap)
500 {
501- char query[] = { CINERGYT2_EP1_GET_FIRMWARE_VERSION };
502- char state[3];
503+ char *query;
504+ char *state;
505 int ret;
506+ query = kmalloc(1, GFP_KERNEL);
507+ if (query == NULL)
508+ return -ENOMEM;
509+ state = kmalloc(3, GFP_KERNEL);
510+ if (state == NULL) {
511+ kfree(query);
512+ return -ENOMEM;
513+ }
514+
515+ query[0] = CINERGYT2_EP1_GET_FIRMWARE_VERSION;
516
517 adap->fe_adap[0].fe = cinergyt2_fe_attach(adap->dev);
518
519- ret = dvb_usb_generic_rw(adap->dev, query, sizeof(query), state,
520- sizeof(state), 0);
521+ ret = dvb_usb_generic_rw(adap->dev, query, 1, state, 3, 0);
522 if (ret < 0) {
523 deb_rc("cinergyt2_power_ctrl() Failed to retrieve sleep "
524 "state info\n");
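Review bot: In cinergyt2_power_ctrl the sleep flag is inverted by the conversion: the removed initializer sent `enable ? 0 : 1` after CINERGYT2_EP1_SLEEP_MODE, but the new code sets `buf[1] = enable ? 1 : 0;`, so a power-on request would now ask the device to sleep. It looks copied from cinergyt2_streaming_ctrl just above and should read `buf[1] = enable ? 0 : 1;`. The body of cinergyt2_frontend_attach continues past the end of this hunk.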
525@@ -80,7 +124,8 @@
526
527 /* Copy this pointer as we are gonna need it in the release phase */
528 cinergyt2_usb_device = adap->dev;
529-
530+ kfree(query);
531+ kfree(state);
532 return 0;
533 }
534
535@@ -141,12 +186,23 @@
536 static int cinergyt2_rc_query(struct dvb_usb_device *d, u32 *event, int *state)
537 {
538 struct cinergyt2_state *st = d->priv;
539- u8 key[5] = {0, 0, 0, 0, 0}, cmd = CINERGYT2_EP1_GET_RC_EVENTS;
540+ u8 *key, *cmd;
541 int i;
542
543+ cmd = kmalloc(1, GFP_KERNEL);
544+ if (cmd == NULL)
545+ return -EINVAL;
546+ key = kzalloc(5, GFP_KERNEL);
547+ if (key == NULL) {
548+ kfree(cmd);
549+ return -EINVAL;
550+ }
551+
552+ cmd[0] = CINERGYT2_EP1_GET_RC_EVENTS;
553+
554 *state = REMOTE_NO_KEY_PRESSED;
555
556- dvb_usb_generic_rw(d, &cmd, 1, key, sizeof(key), 0);
557+ dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);
558 if (key[4] == 0xff) {
559 /* key repeat */
560 st->rc_counter++;
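Review bot: Both allocation-failure paths added to cinergyt2_rc_query return -EINVAL, while every other kmalloc failure added by this patch returns -ENOMEM. An invalid-argument error for an out-of-memory condition misleads the caller, so both should be `return -ENOMEM;`. The return value of `dvb_usb_generic_rw(d, cmd, 1, key, 5, 0);` is still ignored. `key` comes from kzalloc, so a failed transfer is read as zeros and not as stale heap data, which deserves a short comment so the kzalloc is not later swapped for kmalloc. The function body continues outside the hunk.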
561@@ -157,12 +213,12 @@
562 *event = d->last_event;
563 deb_rc("repeat key, event %x\n",
564 *event);
565- return 0;
566+ goto out;
567 }
568 }
569 deb_rc("repeated key (non repeatable)\n");
570 }
571- return 0;
572+ goto out;
573 }
574
575 /* hack to pass checksum on the custom field */
576@@ -174,6 +230,9 @@
577
578 deb_rc("key: %*ph\n", 5, key);
579 }
580+out:
581+ kfree(cmd);
582+ kfree(key);
583 return 0;
584 }
585
23588859
AF
586diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c
587--- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2015-11-15 22:19:39.000000000 +0100
588+++ backports-4.2.6-1/drivers/media/usb/dvb-usb/cinergyT2-fe.c 2016-01-27 12:26:21.269959657 +0100
91e56a59 589@@ -145,103 +145,176 @@
23588859 590 enum fe_status *status)
91e56a59
AF
591 {
592 struct cinergyt2_fe_state *state = fe->demodulator_priv;
593- struct dvbt_get_status_msg result;
594- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
595+ struct dvbt_get_status_msg *result;
596+ u8 *cmd;
597 int ret;
598
599- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&result,
600- sizeof(result), 0);
601+ cmd = kmalloc(1, GFP_KERNEL);
602+ if (cmd == NULL)
603+ return -ENOMEM;
604+ result = kmalloc(sizeof(*result), GFP_KERNEL);
605+ if (result == NULL) {
606+ kfree(cmd);
607+ return -ENOMEM;
608+ }
609+
610+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
611+
612+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)result,
613+ sizeof(*result), 0);
614 if (ret < 0)
615- return ret;
616+ goto out;
617
618 *status = 0;
619
620- if (0xffff - le16_to_cpu(result.gain) > 30)
621+ if (0xffff - le16_to_cpu(result->gain) > 30)
622 *status |= FE_HAS_SIGNAL;
623- if (result.lock_bits & (1 << 6))
624+ if (result->lock_bits & (1 << 6))
625 *status |= FE_HAS_LOCK;
626- if (result.lock_bits & (1 << 5))
627+ if (result->lock_bits & (1 << 5))
628 *status |= FE_HAS_SYNC;
629- if (result.lock_bits & (1 << 4))
630+ if (result->lock_bits & (1 << 4))
631 *status |= FE_HAS_CARRIER;
632- if (result.lock_bits & (1 << 1))
633+ if (result->lock_bits & (1 << 1))
634 *status |= FE_HAS_VITERBI;
635
636 if ((*status & (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC)) !=
637 (FE_HAS_CARRIER | FE_HAS_VITERBI | FE_HAS_SYNC))
638 *status &= ~FE_HAS_LOCK;
639
640- return 0;
641+out:
642+ kfree(cmd);
643+ kfree(result);
644+ return ret;
645 }
646
647 static int cinergyt2_fe_read_ber(struct dvb_frontend *fe, u32 *ber)
648 {
649 struct cinergyt2_fe_state *state = fe->demodulator_priv;
650- struct dvbt_get_status_msg status;
651- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
652+ struct dvbt_get_status_msg *status;
653+ char *cmd;
654 int ret;
655
656- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
657- sizeof(status), 0);
658+ cmd = kmalloc(1, GFP_KERNEL);
659+ if (cmd == NULL)
660+ return -ENOMEM;
661+ status = kmalloc(sizeof(*status), GFP_KERNEL);
662+ if (status == NULL) {
663+ kfree(cmd);
664+ return -ENOMEM;
665+ }
666+
667+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
668+
669+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
670+ sizeof(*status), 0);
671 if (ret < 0)
672- return ret;
673+ goto out;
674
675- *ber = le32_to_cpu(status.viterbi_error_rate);
676+ *ber = le32_to_cpu(status->viterbi_error_rate);
677+out:
678+ kfree(cmd);
679+ kfree(status);
680 return 0;
681 }
682
683 static int cinergyt2_fe_read_unc_blocks(struct dvb_frontend *fe, u32 *unc)
684 {
685 struct cinergyt2_fe_state *state = fe->demodulator_priv;
686- struct dvbt_get_status_msg status;
687- u8 cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
688+ struct dvbt_get_status_msg *status;
689+ u8 *cmd;
690 int ret;
691
692- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (u8 *)&status,
693- sizeof(status), 0);
694+ cmd = kmalloc(1, GFP_KERNEL);
695+ if (cmd == NULL)
696+ return -ENOMEM;
697+ status = kmalloc(sizeof(*status), GFP_KERNEL);
698+ if (status == NULL) {
699+ kfree(cmd);
700+ return -ENOMEM;
701+ }
702+
703+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
704+
705+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (u8 *)status,
706+ sizeof(*status), 0);
707 if (ret < 0) {
708 err("cinergyt2_fe_read_unc_blocks() Failed! (Error=%d)\n",
709 ret);
710- return ret;
711+ goto out;
712 }
713- *unc = le32_to_cpu(status.uncorrected_block_count);
714- return 0;
715+ *unc = le32_to_cpu(status->uncorrected_block_count);
716+
717+out:
718+ kfree(cmd);
719+ kfree(status);
720+ return ret;
721 }
722
723 static int cinergyt2_fe_read_signal_strength(struct dvb_frontend *fe,
724 u16 *strength)
725 {
726 struct cinergyt2_fe_state *state = fe->demodulator_priv;
727- struct dvbt_get_status_msg status;
728- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
729+ struct dvbt_get_status_msg *status;
730+ char *cmd;
731 int ret;
732
733- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
734- sizeof(status), 0);
735+ cmd = kmalloc(1, GFP_KERNEL);
736+ if (cmd == NULL)
737+ return -ENOMEM;
738+ status = kmalloc(sizeof(*status), GFP_KERNEL);
739+ if (status == NULL) {
740+ kfree(cmd);
741+ return -ENOMEM;
742+ }
743+
744+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
745+
746+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
747+ sizeof(*status), 0);
748 if (ret < 0) {
749 err("cinergyt2_fe_read_signal_strength() Failed!"
750 " (Error=%d)\n", ret);
751- return ret;
752+ goto out;
753 }
754- *strength = (0xffff - le16_to_cpu(status.gain));
755+ *strength = (0xffff - le16_to_cpu(status->gain));
756+
757+out:
758+ kfree(cmd);
759+ kfree(status);
760 return 0;
761 }
762
763 static int cinergyt2_fe_read_snr(struct dvb_frontend *fe, u16 *snr)
764 {
765 struct cinergyt2_fe_state *state = fe->demodulator_priv;
766- struct dvbt_get_status_msg status;
767- char cmd[] = { CINERGYT2_EP1_GET_TUNER_STATUS };
768+ struct dvbt_get_status_msg *status;
769+ char *cmd;
770 int ret;
771
772- ret = dvb_usb_generic_rw(state->d, cmd, sizeof(cmd), (char *)&status,
773- sizeof(status), 0);
774+ cmd = kmalloc(1, GFP_KERNEL);
775+ if (cmd == NULL)
776+ return -ENOMEM;
777+ status = kmalloc(sizeof(*status), GFP_KERNEL);
778+ if (status == NULL) {
779+ kfree(cmd);
780+ return -ENOMEM;
781+ }
782+
783+ cmd[0] = CINERGYT2_EP1_GET_TUNER_STATUS;
784+
785+ ret = dvb_usb_generic_rw(state->d, cmd, 1, (char *)status,
786+ sizeof(*status), 0);
787 if (ret < 0) {
788 err("cinergyt2_fe_read_snr() Failed! (Error=%d)\n", ret);
789- return ret;
790+ goto out;
791 }
792- *snr = (status.snr << 8) | status.snr;
793- return 0;
794+ *snr = (status->snr << 8) | status->snr;
795+
796+out:
797+ kfree(cmd);
798+ kfree(status);
799+ return ret;
800 }
801
802 static int cinergyt2_fe_init(struct dvb_frontend *fe)
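Review bot: cinergyt2_fe_read_ber and cinergyt2_fe_read_signal_strength now report success after a failed transfer. Their `if (ret < 0)` branches were changed from `return ret;` to `goto out;`, but the `out:` label in both still ends in the unchanged `return 0;`, so the error is dropped and `*ber` / `*strength` are left unwritten. Both should end with `return ret;`, as cinergyt2_fe_read_status, cinergyt2_fe_read_unc_blocks and cinergyt2_fe_read_snr do in this same hunk. This assumes dvb_usb_generic_rw returns 0 on success, which is not visible in the patch.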
803@@ -266,35 +339,46 @@
804 {
805 struct dtv_frontend_properties *fep = &fe->dtv_property_cache;
806 struct cinergyt2_fe_state *state = fe->demodulator_priv;
807- struct dvbt_set_parameters_msg param;
808- char result[2];
809+ struct dvbt_set_parameters_msg *param;
810+ char *result;
811 int err;
812
813- param.cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
814- param.tps = cpu_to_le16(compute_tps(fep));
815- param.freq = cpu_to_le32(fep->frequency / 1000);
816- param.flags = 0;
817+ result = kmalloc(2, GFP_KERNEL);
818+ if (result == NULL)
819+ return -ENOMEM;
820+ param = kmalloc(sizeof(*param), GFP_KERNEL);
821+ if (param == NULL) {
822+ kfree(result);
823+ return -ENOMEM;
824+ }
825+
826+ param->cmd = CINERGYT2_EP1_SET_TUNER_PARAMETERS;
827+ param->tps = cpu_to_le16(compute_tps(fep));
828+ param->freq = cpu_to_le32(fep->frequency / 1000);
829+ param->flags = 0;
830
831 switch (fep->bandwidth_hz) {
832 default:
833 case 8000000:
834- param.bandwidth = 8;
835+ param->bandwidth = 8;
836 break;
837 case 7000000:
838- param.bandwidth = 7;
839+ param->bandwidth = 7;
840 break;
841 case 6000000:
842- param.bandwidth = 6;
843+ param->bandwidth = 6;
844 break;
845 }
846
847 err = dvb_usb_generic_rw(state->d,
848- (char *)&param, sizeof(param),
849- result, sizeof(result), 0);
850+ (char *)param, sizeof(*param),
851+ result, 2, 0);
852 if (err < 0)
853 err("cinergyt2_fe_set_frontend() Failed! err=%d\n", err);
854
855- return (err < 0) ? err : 0;
856+ kfree(result);
857+ kfree(param);
858+ return err;
859 }
860
861 static void cinergyt2_fe_release(struct dvb_frontend *fe)
862diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c
863--- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2015-11-15 22:19:39.000000000 +0100
864+++ backports-4.2.6-1/drivers/media/usb/dvb-usb/dvb-usb-firmware.c 2016-01-27 12:26:21.269959657 +0100
865@@ -35,42 +35,57 @@
866
867 int usb_cypress_load_firmware(struct usb_device *udev, const struct firmware *fw, int type)
868 {
869- struct hexline hx;
870- u8 reset;
871+ struct hexline *hx;
872+ u8 *reset;
873 int ret,pos=0;
874
875+ reset = kmalloc(1, GFP_KERNEL);
876+ if (reset == NULL)
877+ return -ENOMEM;
878+
879+ hx = kmalloc(sizeof(struct hexline), GFP_KERNEL);
880+ if (hx == NULL) {
881+ kfree(reset);
882+ return -ENOMEM;
883+ }
884+
885 /* stop the CPU */
886- reset = 1;
887- if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1)) != 1)
888+ reset[0] = 1;
889+ if ((ret = usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1)) != 1)
890 err("could not stop the USB controller CPU.");
891
892- while ((ret = dvb_usb_get_hexline(fw,&hx,&pos)) > 0) {
893- deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx.addr,hx.len,hx.chk);
894- ret = usb_cypress_writemem(udev,hx.addr,hx.data,hx.len);
895+ while ((ret = dvb_usb_get_hexline(fw,hx,&pos)) > 0) {
896+ deb_fw("writing to address 0x%04x (buffer: 0x%02x %02x)\n",hx->addr,hx->len,hx->chk);
897+ ret = usb_cypress_writemem(udev,hx->addr,hx->data,hx->len);
898
899- if (ret != hx.len) {
900+ if (ret != hx->len) {
901 err("error while transferring firmware "
902 "(transferred size: %d, block size: %d)",
903- ret,hx.len);
904+ ret,hx->len);
905 ret = -EINVAL;
906 break;
907 }
908 }
909 if (ret < 0) {
910 err("firmware download failed at %d with %d",pos,ret);
911+ kfree(reset);
912+ kfree(hx);
913 return ret;
914 }
915
916 if (ret == 0) {
917 /* restart the CPU */
918- reset = 0;
919- if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,&reset,1) != 1) {
920+ reset[0] = 0;
921+ if (ret || usb_cypress_writemem(udev,cypress[type].cpu_cs_register,reset,1) != 1) {
922 err("could not restart the USB controller CPU.");
923 ret = -EINVAL;
924 }
925 } else
926 ret = -EIO;
927
928+ kfree(reset);
929+ kfree(hx);
930+
931 return ret;
932 }
933 EXPORT_SYMBOL(usb_cypress_load_firmware);
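Review bot: The cleanup pair `kfree(reset); kfree(hx);` is written twice in usb_cypress_load_firmware, once inside the `if (ret < 0)` branch and once before the final `return ret;`, so any exit added later has to remember both frees. A single exit label is the usual kernel form: replace the two frees and the `return ret;` in the error branch with `goto out;` and put `out:` in front of the final pair. `kmalloc(sizeof(*hx), GFP_KERNEL)` would also keep the allocation size tied to the pointer's type. A one-line comment such as `/* heap buffers: data handed to the USB core must not live on the stack */` would record why the locals were replaced, assuming usb_cypress_writemem() passes them on to a USB transfer, which is not visible in this hunk.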
934diff -Naur backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c
935--- backports-4.2.6-1.org/drivers/media/usb/dvb-usb/technisat-usb2.c 2015-11-15 22:19:39.000000000 +0100
936+++ backports-4.2.6-1/drivers/media/usb/dvb-usb/technisat-usb2.c 2016-01-27 12:26:21.269959657 +0100
937@@ -87,8 +87,11 @@
938 static int technisat_usb2_i2c_access(struct usb_device *udev,
939 u8 device_addr, u8 *tx, u8 txlen, u8 *rx, u8 rxlen)
940 {
941- u8 b[64];
942- int ret, actual_length;
943+ u8 *b = kmalloc(64, GFP_KERNEL);
944+ int ret, actual_length, error = 0;
945+
946+ if (b == NULL)
947+ return -ENOMEM;
948
949 deb_i2c("i2c-access: %02x, tx: ", device_addr);
950 debug_dump(tx, txlen, deb_i2c);
951@@ -121,7 +124,8 @@
952
953 if (ret < 0) {
954 err("i2c-error: out failed %02x = %d", device_addr, ret);
955- return -ENODEV;
956+ error = -ENODEV;
957+ goto out;
958 }
959
960 ret = usb_bulk_msg(udev,
961@@ -129,7 +133,8 @@
962 b, 64, &actual_length, 1000);
963 if (ret < 0) {
964 err("i2c-error: in failed %02x = %d", device_addr, ret);
965- return -ENODEV;
966+ error = -ENODEV;
967+ goto out;
968 }
969
970 if (b[0] != I2C_STATUS_OK) {
971@@ -137,8 +142,10 @@
972 /* handle tuner-i2c-nak */
973 if (!(b[0] == I2C_STATUS_NAK &&
974 device_addr == 0x60
975- /* && device_is_technisat_usb2 */))
976- return -ENODEV;
977+ /* && device_is_technisat_usb2 */)) {
978+ error = -ENODEV;
979+ goto out;
980+ }
981 }
982
983 deb_i2c("status: %d, ", b[0]);
984@@ -152,7 +159,9 @@
985
986 deb_i2c("\n");
987
988- return 0;
989+out:
990+ kfree(b);
991+ return error;
992 }
993
994 static int technisat_usb2_i2c_xfer(struct i2c_adapter *adap, struct i2c_msg *msg,
995@@ -224,14 +233,16 @@
996 {
997 int ret;
998
999- u8 led[8] = {
1000- red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
1001- 0
1002- };
1003+ u8 *led = kzalloc(8, GFP_KERNEL);
1004+
1005+ if (led == NULL)
1006+ return -ENOMEM;
1007
1008 if (disable_led_control && state != TECH_LED_OFF)
1009 return 0;
1010
1011+ led[0] = red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST;
1012+
1013 switch (state) {
1014 case TECH_LED_ON:
1015 led[1] = 0x82;
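Review bot: `led` is leaked on the early `return 0` taken when `disable_led_control && state != TECH_LED_OFF`, because the `kzalloc(8, GFP_KERNEL)` now runs before that check. Moving the check above the allocation fixes it without an extra free: declare `u8 *led;`, test `disable_led_control` first, then `led = kzalloc(8, GFP_KERNEL);`. The next hunk has the same leak in technisat_usb2_set_led_timer, where `b` is allocated before `mutex_lock_interruptible()` and the `return -EAGAIN` does not free it; `if (mutex_lock_interruptible(&d->i2c_mutex) < 0) { kfree(b); return -EAGAIN; }` covers it. The body of technisat_usb2_set_led continues outside this hunk, so any early return in the unseen lines (and in technisat_usb2_get_ir between its hunks) needs the same check.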
1016@@ -263,16 +274,22 @@
1017 red ? SET_RED_LED_VENDOR_REQUEST : SET_GREEN_LED_VENDOR_REQUEST,
1018 USB_TYPE_VENDOR | USB_DIR_OUT,
1019 0, 0,
1020- led, sizeof(led), 500);
1021+ led, 8, 500);
1022
1023 mutex_unlock(&d->i2c_mutex);
1024+
1025+ kfree(led);
1026+
1027 return ret;
1028 }
1029
1030 static int technisat_usb2_set_led_timer(struct dvb_usb_device *d, u8 red, u8 green)
1031 {
1032 int ret;
1033- u8 b = 0;
1034+ u8 *b = kzalloc(1, GFP_KERNEL);
1035+
1036+ if (b == NULL)
1037+ return -ENOMEM;
1038
1039 if (mutex_lock_interruptible(&d->i2c_mutex) < 0)
1040 return -EAGAIN;
1041@@ -281,10 +298,12 @@
1042 SET_LED_TIMER_DIVIDER_VENDOR_REQUEST,
1043 USB_TYPE_VENDOR | USB_DIR_OUT,
1044 (red << 8) | green, 0,
1045- &b, 1, 500);
1046+ b, 1, 500);
1047
1048 mutex_unlock(&d->i2c_mutex);
1049
1050+ kfree(b);
1051+
1052 return ret;
1053 }
1054
1055@@ -328,7 +347,7 @@
1056 struct dvb_usb_device_description **desc, int *cold)
1057 {
1058 int ret;
1059- u8 version[3];
1060+ u8 *version = kmalloc(3, GFP_KERNEL);
1061
1062 /* first select the interface */
1063 if (usb_set_interface(udev, 0, 1) != 0)
1064@@ -338,11 +357,14 @@
1065
1066 *cold = 0; /* by default do not download a firmware - just in case something is wrong */
1067
1068+ if (version == NULL)
1069+ return 0;
1070+
1071 ret = usb_control_msg(udev, usb_rcvctrlpipe(udev, 0),
1072 GET_VERSION_INFO_VENDOR_REQUEST,
1073 USB_TYPE_VENDOR | USB_DIR_IN,
1074 0, 0,
1075- version, sizeof(version), 500);
1076+ version, 3, 500);
1077
1078 if (ret < 0)
1079 *cold = 1;
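Review bot: A failed `kmalloc(3, GFP_KERNEL)` is reported as success here: `if (version == NULL) return 0;` leaves `*cold = 0`, so the caller sees a warm, identified device although the version query never ran. Returning the error keeps the failure visible: `if (version == NULL) return -ENOMEM;`. The allocation itself sits in the declaration in the previous hunk, ahead of `usb_set_interface()`, and is only checked here; allocating next to the check would make the pairing easier to follow. The function's name and the code after the `usb_control_msg()` call are outside these hunks.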
1080@@ -351,6 +373,8 @@
1081 *cold = 0;
1082 }
1083
1084+ kfree(version);
1085+
1086 return 0;
1087 }
1088
23588859 1089@@ -594,10 +618,15 @@
1090
1091 static int technisat_usb2_get_ir(struct dvb_usb_device *d)
1092 {
1093- u8 buf[62], *b;
1094+ u8 *buf, *b;
1095 int ret;
1096 struct ir_raw_event ev;
1097
1098+ buf = kmalloc(62, GFP_KERNEL);
1099+
1100+ if (buf == NULL)
1101+ return -ENOMEM;
1102+
1103 buf[0] = GET_IR_DATA_VENDOR_REQUEST;
1104 buf[1] = 0x08;
1105 buf[2] = 0x8f;
23588859 1106@@ -620,16 +649,20 @@
1107 GET_IR_DATA_VENDOR_REQUEST,
1108 USB_TYPE_VENDOR | USB_DIR_IN,
1109 0x8080, 0,
1110- buf, sizeof(buf), 500);
1111+ buf, 62, 500);
1112
1113 unlock:
1114 mutex_unlock(&d->i2c_mutex);
1115
1116- if (ret < 0)
1117+ if (ret < 0) {
1118+ kfree(buf);
1119 return ret;
1120+ }
1121
1122- if (ret == 1)
1123+ if (ret == 1) {
1124+ kfree(buf);
1125 return 0; /* no key pressed */
1126+ }
1127
1128 /* decoding */
1129 b = buf+1;
23588859 1130@@ -656,6 +689,8 @@
1131
1132 ir_raw_event_handle(d->rc_dev);
1133
1134+ kfree(buf);
1135+
1136 return 1;
1137 }
1138
1139diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
1140--- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2015-11-15 22:19:38.000000000 +0100
1141+++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-compat-ioctl32.c 2016-01-27 12:26:21.269959657 +0100
1142@@ -429,7 +429,7 @@
1143 * by passing a very big num_planes value */
1144 uplane = compat_alloc_user_space(num_planes *
1145 sizeof(struct v4l2_plane));
1146- kp->m.planes = (__force struct v4l2_plane *)uplane;
1147+ kp->m.planes = (__force_kernel struct v4l2_plane *)uplane;
1148
1149 while (--num_planes >= 0) {
1150 ret = get_v4l2_plane32(uplane, uplane32, kp->memory);
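Review bot: The `__force_kernel` cast on `kp->m.planes` deserves a comment, because `uplane` comes from `compat_alloc_user_space()` and so the field holds a user-space address while being typed as a kernel pointer. Something like `/* m.planes carries a userspace address here; it is cast back to __user where it is consumed */` above the assignment would stop a later reader from dereferencing it directly. The same applies to the `kp->base`, `kp->controls` and `kp->edid` assignments in the following hunks of this file. The enclosing function starts and ends outside the hunk.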
1151@@ -500,7 +500,7 @@
1152 if (num_planes == 0)
1153 return 0;
1154
1155- uplane = (__force struct v4l2_plane __user *)kp->m.planes;
1156+ uplane = (struct v4l2_plane __force_user *)kp->m.planes;
1157 if (get_user(p, &up->m.planes))
1158 return -EFAULT;
1159 uplane32 = compat_ptr(p);
1160@@ -564,7 +564,7 @@
1161 get_user(kp->flags, &up->flags) ||
1162 copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt)))
1163 return -EFAULT;
1164- kp->base = (__force void *)compat_ptr(tmp);
1165+ kp->base = (__force_kernel void *)compat_ptr(tmp);
1166 return 0;
1167 }
1168
1169@@ -669,7 +669,7 @@
1170 n * sizeof(struct v4l2_ext_control32)))
1171 return -EFAULT;
1172 kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control));
1173- kp->controls = (__force struct v4l2_ext_control *)kcontrols;
1174+ kp->controls = (__force_kernel struct v4l2_ext_control *)kcontrols;
1175 while (--n >= 0) {
1176 u32 id;
1177
1178@@ -696,7 +696,7 @@
1179 {
1180 struct v4l2_ext_control32 __user *ucontrols;
1181 struct v4l2_ext_control __user *kcontrols =
1182- (__force struct v4l2_ext_control __user *)kp->controls;
1183+ (struct v4l2_ext_control __force_user *)kp->controls;
1184 int n = kp->count;
1185 compat_caddr_t p;
1186
1187@@ -780,7 +780,7 @@
1188 get_user(tmp, &up->edid) ||
1189 copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
1190 return -EFAULT;
1191- kp->edid = (__force u8 *)compat_ptr(tmp);
1192+ kp->edid = (__force_kernel u8 *)compat_ptr(tmp);
1193 return 0;
1194 }
1195
1196diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c
1197--- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-device.c 2015-11-15 22:19:38.000000000 +0100
1198+++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-device.c 2016-01-27 12:26:21.269959657 +0100
1199@@ -74,9 +74,9 @@
1200 EXPORT_SYMBOL_GPL(v4l2_device_put);
1201
1202 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
1203- atomic_t *instance)
1204+ atomic_unchecked_t *instance)
1205 {
1206- int num = atomic_inc_return(instance) - 1;
1207+ int num = atomic_inc_return_unchecked(instance) - 1;
1208 int len = strlen(basename);
1209
1210 if (basename[len - 1] >= '0' && basename[len - 1] <= '9')
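Review bot: Switching `instance` to `atomic_unchecked_t` takes this counter out of the overflow checking that the hardened `atomic_t` gets, and nothing at the declaration says why that is safe. A short comment, e.g. `/* instance numbering only, not a reference count: wrap-around is harmless */`, would document the choice; the same goes for `iface_counter` in drivers/net/usb/sierra_net.c later in this patch. The parameter type of an exported function changes here, so the prototype and every caller have to be converted as well; those are not part of this hunk.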
1211diff -Naur backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c
1212--- backports-4.2.6-1.org/drivers/media/v4l2-core/v4l2-ioctl.c 2015-11-15 22:19:38.000000000 +0100
1213+++ backports-4.2.6-1/drivers/media/v4l2-core/v4l2-ioctl.c 2016-01-27 12:26:21.269959657 +0100
1214@@ -2341,7 +2341,8 @@
1215 struct file *file, void *fh, void *p);
1216 } u;
1217 void (*debug)(const void *arg, bool write_only);
1218-};
1219+} __do_const;
1220+typedef struct v4l2_ioctl_info __no_const v4l2_ioctl_info_no_const;
1221
1222 /* This control needs a priority check */
1223 #define INFO_FL_PRIO (1 << 0)
23588859 1224@@ -2525,7 +2526,7 @@
1225 struct video_device *vfd = video_devdata(file);
1226 const struct v4l2_ioctl_ops *ops = vfd->ioctl_ops;
1227 bool write_only = false;
1228- struct v4l2_ioctl_info default_info;
1229+ v4l2_ioctl_info_no_const default_info;
1230 const struct v4l2_ioctl_info *info;
1231 void *fh = file->private_data;
1232 struct v4l2_fh *vfh = NULL;
23588859 1233@@ -2616,7 +2617,7 @@
1234 ret = -EINVAL;
1235 break;
1236 }
1237- *user_ptr = (void __user *)buf->m.planes;
1238+ *user_ptr = (void __force_user *)buf->m.planes;
1239 *kernel_ptr = (void **)&buf->m.planes;
1240 *array_size = sizeof(struct v4l2_plane) * buf->length;
1241 ret = 1;
23588859 1242@@ -2633,7 +2634,7 @@
1243 ret = -EINVAL;
1244 break;
1245 }
1246- *user_ptr = (void __user *)edid->edid;
1247+ *user_ptr = (void __force_user *)edid->edid;
1248 *kernel_ptr = (void **)&edid->edid;
1249 *array_size = edid->blocks * 128;
1250 ret = 1;
23588859 1251@@ -2651,7 +2652,7 @@
1252 ret = -EINVAL;
1253 break;
1254 }
1255- *user_ptr = (void __user *)ctrls->controls;
1256+ *user_ptr = (void __force_user *)ctrls->controls;
1257 *kernel_ptr = (void **)&ctrls->controls;
1258 *array_size = sizeof(struct v4l2_ext_control)
1259 * ctrls->count;
23588859 1260@@ -2752,7 +2753,7 @@
1261 }
1262
1263 if (has_array_args) {
1264- *kernel_ptr = (void __force *)user_ptr;
1265+ *kernel_ptr = (void __force_kernel *)user_ptr;
1266 if (copy_to_user(user_ptr, mbuf, array_size))
1267 err = -EFAULT;
1268 goto out_array_args;
1269diff -Naur backports-4.2.6-1.org/drivers/net/usb/sierra_net.c backports-4.2.6-1/drivers/net/usb/sierra_net.c
1270--- backports-4.2.6-1.org/drivers/net/usb/sierra_net.c 2015-11-15 22:19:39.000000000 +0100
1271+++ backports-4.2.6-1/drivers/net/usb/sierra_net.c 2016-01-27 12:26:21.283292990 +0100
1272@@ -51,7 +51,7 @@
1273 /* atomic counter partially included in MAC address to make sure 2 devices
1274 * do not end up with the same MAC - concept breaks in case of > 255 ifaces
1275 */
1276-static atomic_t iface_counter = ATOMIC_INIT(0);
1277+static atomic_unchecked_t iface_counter = ATOMIC_INIT(0);
1278
1279 /*
1280 * SYNC Timer Delay definition used to set the expiry time
1281@@ -697,7 +697,7 @@
1282 dev->net->netdev_ops = &sierra_net_device_ops;
1283
1284 /* change MAC addr to include, ifacenum, and to be unique */
1285- dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return(&iface_counter);
1286+ dev->net->dev_addr[ETH_ALEN-2] = atomic_inc_return_unchecked(&iface_counter);
1287 dev->net->dev_addr[ETH_ALEN-1] = ifacenum;
1288
1289 /* we will have to manufacture ethernet headers, prepare template */
1290diff -Naur backports-4.2.6-1.org/drivers/net/wireless/airo.c backports-4.2.6-1/drivers/net/wireless/airo.c
1291--- backports-4.2.6-1.org/drivers/net/wireless/airo.c 2015-11-15 22:19:39.000000000 +0100
1292+++ backports-4.2.6-1/drivers/net/wireless/airo.c 2016-01-27 12:26:21.286626323 +0100
1293@@ -7846,7 +7846,7 @@
1294 struct airo_info *ai = dev->ml_priv;
1295 int ridcode;
1296 int enabled;
1297- static int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
1298+ int (* writer)(struct airo_info *, u16 rid, const void *, int, int);
1299 unsigned char *iobuf;
1300
1301 /* Only super-user can write RIDs */
1302diff -Naur backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c
1303--- backports-4.2.6-1.org/drivers/net/wireless/at76c50x-usb.c 2015-11-15 22:19:39.000000000 +0100
1304+++ backports-4.2.6-1/drivers/net/wireless/at76c50x-usb.c 2016-01-27 12:26:21.286626323 +0100
1305@@ -353,7 +353,7 @@
1306 }
1307
1308 /* Convert timeout from the DFU status to jiffies */
1309-static inline unsigned long at76_get_timeout(struct dfu_status *s)
1310+static inline unsigned long __intentional_overflow(-1) at76_get_timeout(struct dfu_status *s)
1311 {
1312 return msecs_to_jiffies((s->poll_timeout[2] << 16)
1313 | (s->poll_timeout[1] << 8)
1314diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c
1315--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/ce.c 2015-11-15 22:19:40.000000000 +0100
1316+++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/ce.c 2016-01-27 12:26:21.286626323 +0100
1317@@ -896,12 +896,12 @@
1318 return 0;
1319 }
1320
1321-static struct ath10k_ce_ring *
1322+static struct ath10k_ce_ring * __intentional_overflow(-1)
1323 ath10k_ce_alloc_src_ring(struct ath10k *ar, unsigned int ce_id,
1324 const struct ce_attr *attr)
1325 {
1326 struct ath10k_ce_ring *src_ring;
1327- u32 nentries = attr->src_nentries;
1328+ unsigned long nentries = attr->src_nentries;
1329 dma_addr_t base_addr;
1330
1331 nentries = roundup_pow_of_two(nentries);
1332@@ -968,7 +968,7 @@
1333 const struct ce_attr *attr)
1334 {
1335 struct ath10k_ce_ring *dest_ring;
1336- u32 nentries;
1337+ unsigned long nentries;
1338 dma_addr_t base_addr;
1339
1340 nentries = roundup_pow_of_two(attr->dest_nentries);
1341diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c
1342--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.c 2015-11-15 22:19:40.000000000 +0100
1343+++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.c 2016-01-27 12:26:21.286626323 +0100
1344@@ -841,7 +841,10 @@
1345 /* registered target arrival callback from the HIF layer */
1346 int ath10k_htc_init(struct ath10k *ar)
1347 {
1348- struct ath10k_hif_cb htc_callbacks;
1349+ static struct ath10k_hif_cb htc_callbacks = {
1350+ .rx_completion = ath10k_htc_rx_completion_handler,
1351+ .tx_completion = ath10k_htc_tx_completion_handler,
1352+ };
1353 struct ath10k_htc_ep *ep = NULL;
1354 struct ath10k_htc *htc = &ar->htc;
1355
23588859 1356@@ -850,8 +853,6 @@
1357 ath10k_htc_reset_endpoint_states(htc);
1358
1359 /* setup HIF layer callbacks */
1360- htc_callbacks.rx_completion = ath10k_htc_rx_completion_handler;
1361- htc_callbacks.tx_completion = ath10k_htc_tx_completion_handler;
1362 htc->ar = ar;
1363
1364 /* Get HIF default pipe for HTC message exchange */
1365diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h
1366--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath10k/htc.h 2015-11-15 22:19:40.000000000 +0100
1367+++ backports-4.2.6-1/drivers/net/wireless/ath/ath10k/htc.h 2016-01-27 12:26:21.286626323 +0100
1368@@ -270,13 +270,13 @@
1369
1370 struct ath10k_htc_ops {
1371 void (*target_send_suspend_complete)(struct ath10k *ar);
1372-};
1373+} __no_const;
1374
1375 struct ath10k_htc_ep_ops {
1376 void (*ep_tx_complete)(struct ath10k *, struct sk_buff *);
1377 void (*ep_rx_complete)(struct ath10k *, struct sk_buff *);
1378 void (*ep_tx_credits)(struct ath10k *);
1379-};
1380+} __no_const;
1381
1382 /* service connection information */
1383 struct ath10k_htc_svc_conn_req {
1384diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c
1385--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2015-11-15 22:19:39.000000000 +0100
1386+++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9002_mac.c 2016-01-27 12:26:21.286626323 +0100
1387@@ -220,8 +220,8 @@
1388 ads->ds_txstatus6 = ads->ds_txstatus7 = 0;
1389 ads->ds_txstatus8 = ads->ds_txstatus9 = 0;
1390
1391- ACCESS_ONCE(ads->ds_link) = i->link;
1392- ACCESS_ONCE(ads->ds_data) = i->buf_addr[0];
1393+ ACCESS_ONCE_RW(ads->ds_link) = i->link;
1394+ ACCESS_ONCE_RW(ads->ds_data) = i->buf_addr[0];
1395
1396 ctl1 = i->buf_len[0] | (i->is_last ? 0 : AR_TxMore);
1397 ctl6 = SM(i->keytype, AR_EncrType);
1398@@ -235,26 +235,26 @@
1399
1400 if ((i->is_first || i->is_last) &&
1401 i->aggr != AGGR_BUF_MIDDLE && i->aggr != AGGR_BUF_LAST) {
1402- ACCESS_ONCE(ads->ds_ctl2) = set11nTries(i->rates, 0)
1403+ ACCESS_ONCE_RW(ads->ds_ctl2) = set11nTries(i->rates, 0)
1404 | set11nTries(i->rates, 1)
1405 | set11nTries(i->rates, 2)
1406 | set11nTries(i->rates, 3)
1407 | (i->dur_update ? AR_DurUpdateEna : 0)
1408 | SM(0, AR_BurstDur);
1409
1410- ACCESS_ONCE(ads->ds_ctl3) = set11nRate(i->rates, 0)
1411+ ACCESS_ONCE_RW(ads->ds_ctl3) = set11nRate(i->rates, 0)
1412 | set11nRate(i->rates, 1)
1413 | set11nRate(i->rates, 2)
1414 | set11nRate(i->rates, 3);
1415 } else {
1416- ACCESS_ONCE(ads->ds_ctl2) = 0;
1417- ACCESS_ONCE(ads->ds_ctl3) = 0;
1418+ ACCESS_ONCE_RW(ads->ds_ctl2) = 0;
1419+ ACCESS_ONCE_RW(ads->ds_ctl3) = 0;
1420 }
1421
1422 if (!i->is_first) {
1423- ACCESS_ONCE(ads->ds_ctl0) = 0;
1424- ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1425- ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1426+ ACCESS_ONCE_RW(ads->ds_ctl0) = 0;
1427+ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1428+ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1429 return;
1430 }
1431
1432@@ -279,7 +279,7 @@
1433 break;
1434 }
1435
1436- ACCESS_ONCE(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1437+ ACCESS_ONCE_RW(ads->ds_ctl0) = (i->pkt_len & AR_FrameLen)
1438 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
23588859 1439 | SM(i->txpower[0], AR_XmitPower0)
1440 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1441@@ -289,27 +289,27 @@
1442 | (i->flags & ATH9K_TXDESC_RTSENA ? AR_RTSEnable :
1443 (i->flags & ATH9K_TXDESC_CTSENA ? AR_CTSEnable : 0));
1444
1445- ACCESS_ONCE(ads->ds_ctl1) = ctl1;
1446- ACCESS_ONCE(ads->ds_ctl6) = ctl6;
1447+ ACCESS_ONCE_RW(ads->ds_ctl1) = ctl1;
1448+ ACCESS_ONCE_RW(ads->ds_ctl6) = ctl6;
1449
1450 if (i->aggr == AGGR_BUF_MIDDLE || i->aggr == AGGR_BUF_LAST)
1451 return;
1452
1453- ACCESS_ONCE(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1454+ ACCESS_ONCE_RW(ads->ds_ctl4) = set11nPktDurRTSCTS(i->rates, 0)
1455 | set11nPktDurRTSCTS(i->rates, 1);
1456
1457- ACCESS_ONCE(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1458+ ACCESS_ONCE_RW(ads->ds_ctl5) = set11nPktDurRTSCTS(i->rates, 2)
1459 | set11nPktDurRTSCTS(i->rates, 3);
1460
1461- ACCESS_ONCE(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1462+ ACCESS_ONCE_RW(ads->ds_ctl7) = set11nRateFlags(i->rates, 0)
1463 | set11nRateFlags(i->rates, 1)
1464 | set11nRateFlags(i->rates, 2)
1465 | set11nRateFlags(i->rates, 3)
1466 | SM(i->rtscts_rate, AR_RTSCTSRate);
1467
1468- ACCESS_ONCE(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
1469- ACCESS_ONCE(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
1470- ACCESS_ONCE(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
1471+ ACCESS_ONCE_RW(ads->ds_ctl9) = SM(i->txpower[1], AR_XmitPower1);
1472+ ACCESS_ONCE_RW(ads->ds_ctl10) = SM(i->txpower[2], AR_XmitPower2);
1473+ ACCESS_ONCE_RW(ads->ds_ctl11) = SM(i->txpower[3], AR_XmitPower3);
1474 }
1475
1476 static int ar9002_hw_proc_txdesc(struct ath_hw *ah, void *ds,
1477diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c
1478--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2015-11-15 22:19:39.000000000 +0100
1479+++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/ar9003_mac.c 2016-01-27 12:26:21.286626323 +0100
1480@@ -39,47 +39,47 @@
1481 (i->qcu << AR_TxQcuNum_S) | desc_len;
1482
1483 checksum += val;
1484- ACCESS_ONCE(ads->info) = val;
1485+ ACCESS_ONCE_RW(ads->info) = val;
1486
1487 checksum += i->link;
1488- ACCESS_ONCE(ads->link) = i->link;
1489+ ACCESS_ONCE_RW(ads->link) = i->link;
1490
1491 checksum += i->buf_addr[0];
1492- ACCESS_ONCE(ads->data0) = i->buf_addr[0];
1493+ ACCESS_ONCE_RW(ads->data0) = i->buf_addr[0];
1494 checksum += i->buf_addr[1];
1495- ACCESS_ONCE(ads->data1) = i->buf_addr[1];
1496+ ACCESS_ONCE_RW(ads->data1) = i->buf_addr[1];
1497 checksum += i->buf_addr[2];
1498- ACCESS_ONCE(ads->data2) = i->buf_addr[2];
1499+ ACCESS_ONCE_RW(ads->data2) = i->buf_addr[2];
1500 checksum += i->buf_addr[3];
1501- ACCESS_ONCE(ads->data3) = i->buf_addr[3];
1502+ ACCESS_ONCE_RW(ads->data3) = i->buf_addr[3];
1503
1504 checksum += (val = (i->buf_len[0] << AR_BufLen_S) & AR_BufLen);
1505- ACCESS_ONCE(ads->ctl3) = val;
1506+ ACCESS_ONCE_RW(ads->ctl3) = val;
1507 checksum += (val = (i->buf_len[1] << AR_BufLen_S) & AR_BufLen);
1508- ACCESS_ONCE(ads->ctl5) = val;
1509+ ACCESS_ONCE_RW(ads->ctl5) = val;
1510 checksum += (val = (i->buf_len[2] << AR_BufLen_S) & AR_BufLen);
1511- ACCESS_ONCE(ads->ctl7) = val;
1512+ ACCESS_ONCE_RW(ads->ctl7) = val;
1513 checksum += (val = (i->buf_len[3] << AR_BufLen_S) & AR_BufLen);
1514- ACCESS_ONCE(ads->ctl9) = val;
1515+ ACCESS_ONCE_RW(ads->ctl9) = val;
1516
1517 checksum = (u16) (((checksum & 0xffff) + (checksum >> 16)) & 0xffff);
1518- ACCESS_ONCE(ads->ctl10) = checksum;
1519+ ACCESS_ONCE_RW(ads->ctl10) = checksum;
1520
1521 if (i->is_first || i->is_last) {
1522- ACCESS_ONCE(ads->ctl13) = set11nTries(i->rates, 0)
1523+ ACCESS_ONCE_RW(ads->ctl13) = set11nTries(i->rates, 0)
1524 | set11nTries(i->rates, 1)
1525 | set11nTries(i->rates, 2)
1526 | set11nTries(i->rates, 3)
1527 | (i->dur_update ? AR_DurUpdateEna : 0)
1528 | SM(0, AR_BurstDur);
1529
1530- ACCESS_ONCE(ads->ctl14) = set11nRate(i->rates, 0)
1531+ ACCESS_ONCE_RW(ads->ctl14) = set11nRate(i->rates, 0)
1532 | set11nRate(i->rates, 1)
1533 | set11nRate(i->rates, 2)
1534 | set11nRate(i->rates, 3);
1535 } else {
1536- ACCESS_ONCE(ads->ctl13) = 0;
1537- ACCESS_ONCE(ads->ctl14) = 0;
1538+ ACCESS_ONCE_RW(ads->ctl13) = 0;
1539+ ACCESS_ONCE_RW(ads->ctl14) = 0;
1540 }
1541
1542 ads->ctl20 = 0;
1543@@ -89,17 +89,17 @@
1544
1545 ctl17 = SM(i->keytype, AR_EncrType);
1546 if (!i->is_first) {
1547- ACCESS_ONCE(ads->ctl11) = 0;
1548- ACCESS_ONCE(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1549- ACCESS_ONCE(ads->ctl15) = 0;
1550- ACCESS_ONCE(ads->ctl16) = 0;
1551- ACCESS_ONCE(ads->ctl17) = ctl17;
1552- ACCESS_ONCE(ads->ctl18) = 0;
1553- ACCESS_ONCE(ads->ctl19) = 0;
1554+ ACCESS_ONCE_RW(ads->ctl11) = 0;
1555+ ACCESS_ONCE_RW(ads->ctl12) = i->is_last ? 0 : AR_TxMore;
1556+ ACCESS_ONCE_RW(ads->ctl15) = 0;
1557+ ACCESS_ONCE_RW(ads->ctl16) = 0;
1558+ ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1559+ ACCESS_ONCE_RW(ads->ctl18) = 0;
1560+ ACCESS_ONCE_RW(ads->ctl19) = 0;
1561 return;
1562 }
1563
1564- ACCESS_ONCE(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1565+ ACCESS_ONCE_RW(ads->ctl11) = (i->pkt_len & AR_FrameLen)
1566 | (i->flags & ATH9K_TXDESC_VMF ? AR_VirtMoreFrag : 0)
23588859 1567 | SM(i->txpower[0], AR_XmitPower0)
1568 | (i->flags & ATH9K_TXDESC_VEOL ? AR_VEOL : 0)
1569@@ -135,26 +135,26 @@
1570 val = (i->flags & ATH9K_TXDESC_PAPRD) >> ATH9K_TXDESC_PAPRD_S;
1571 ctl12 |= SM(val, AR_PAPRDChainMask);
1572
1573- ACCESS_ONCE(ads->ctl12) = ctl12;
1574- ACCESS_ONCE(ads->ctl17) = ctl17;
1575+ ACCESS_ONCE_RW(ads->ctl12) = ctl12;
1576+ ACCESS_ONCE_RW(ads->ctl17) = ctl17;
1577
1578- ACCESS_ONCE(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1579+ ACCESS_ONCE_RW(ads->ctl15) = set11nPktDurRTSCTS(i->rates, 0)
1580 | set11nPktDurRTSCTS(i->rates, 1);
1581
1582- ACCESS_ONCE(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1583+ ACCESS_ONCE_RW(ads->ctl16) = set11nPktDurRTSCTS(i->rates, 2)
1584 | set11nPktDurRTSCTS(i->rates, 3);
1585
1586- ACCESS_ONCE(ads->ctl18) = set11nRateFlags(i->rates, 0)
1587+ ACCESS_ONCE_RW(ads->ctl18) = set11nRateFlags(i->rates, 0)
1588 | set11nRateFlags(i->rates, 1)
1589 | set11nRateFlags(i->rates, 2)
1590 | set11nRateFlags(i->rates, 3)
1591 | SM(i->rtscts_rate, AR_RTSCTSRate);
1592
1593- ACCESS_ONCE(ads->ctl19) = AR_Not_Sounding;
1594+ ACCESS_ONCE_RW(ads->ctl19) = AR_Not_Sounding;
1595
1596- ACCESS_ONCE(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
1597- ACCESS_ONCE(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
1598- ACCESS_ONCE(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
1599+ ACCESS_ONCE_RW(ads->ctl20) = SM(i->txpower[1], AR_XmitPower1);
1600+ ACCESS_ONCE_RW(ads->ctl21) = SM(i->txpower[2], AR_XmitPower2);
1601+ ACCESS_ONCE_RW(ads->ctl22) = SM(i->txpower[3], AR_XmitPower3);
1602 }
1603
1604 static u16 ar9003_calc_ptr_chksum(struct ar9003_txc *ads)
1605diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h
1606--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/hw.h 2015-11-15 22:19:39.000000000 +0100
1607+++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/hw.h 2016-01-27 12:33:44.649931973 +0100
1608@@ -671,7 +671,7 @@
1609 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1610 bool (*is_aic_enabled)(struct ath_hw *ah);
1611 #endif /* CPTCFG_ATH9K_BTCOEX_SUPPORT */
1612-};
1613+} __no_const;
1614
1615 /**
1616 * struct ath_spec_scan - parameters for Atheros spectral scan
23588859 1617@@ -747,7 +747,7 @@
1618 #ifdef CPTCFG_ATH9K_BTCOEX_SUPPORT
1619 void (*set_bt_ant_diversity)(struct ath_hw *hw, bool enable);
1620 #endif
1621-};
1622+} __no_const;
1623
1624 struct ath_nf_limits {
1625 s16 max;
1626diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig
1627--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/Kconfig 2015-11-15 22:19:40.000000000 +0100
1628+++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/Kconfig 2016-01-27 12:34:48.923262299 +0100
1629@@ -5,7 +5,6 @@
1630 tristate
1631 depends on m
1632 select ATH_COMMON
1633- depends on DEBUG_FS
1634 depends on RELAY
1635 config ATH9K_DFS_DEBUGFS
1636 def_bool y
1637diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c
1638--- backports-4.2.6-1.org/drivers/net/wireless/ath/ath9k/main.c 2015-11-15 22:19:39.000000000 +0100
1639+++ backports-4.2.6-1/drivers/net/wireless/ath/ath9k/main.c 2016-01-27 12:26:21.289959656 +0100
1640@@ -2574,16 +2574,18 @@
1641 if (!ath9k_is_chanctx_enabled())
1642 return;
1643
1644- ath9k_ops.hw_scan = ath9k_hw_scan;
1645- ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1646- ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1647- ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1648- ath9k_ops.add_chanctx = ath9k_add_chanctx;
1649- ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1650- ath9k_ops.change_chanctx = ath9k_change_chanctx;
1651- ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1652- ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1653- ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1654+ pax_open_kernel();
1655+ *(void **)&ath9k_ops.hw_scan = ath9k_hw_scan;
1656+ *(void **)&ath9k_ops.cancel_hw_scan = ath9k_cancel_hw_scan;
1657+ *(void **)&ath9k_ops.remain_on_channel = ath9k_remain_on_channel;
1658+ *(void **)&ath9k_ops.cancel_remain_on_channel = ath9k_cancel_remain_on_channel;
1659+ *(void **)&ath9k_ops.add_chanctx = ath9k_add_chanctx;
1660+ *(void **)&ath9k_ops.remove_chanctx = ath9k_remove_chanctx;
1661+ *(void **)&ath9k_ops.change_chanctx = ath9k_change_chanctx;
1662+ *(void **)&ath9k_ops.assign_vif_chanctx = ath9k_assign_vif_chanctx;
1663+ *(void **)&ath9k_ops.unassign_vif_chanctx = ath9k_unassign_vif_chanctx;
1664+ *(void **)&ath9k_ops.mgd_prepare_tx = ath9k_mgd_prepare_tx;
1665+ pax_close_kernel();
1666 }
1667
1668 #endif
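Review bot: The ten `*(void **)&ath9k_ops.<member> = ...` stores between `pax_open_kernel()` and `pax_close_kernel()` bypass the function-pointer types of the ops structure, so a handler with the wrong signature would no longer be caught by the compiler. They also patch an otherwise read-only ops table at run time, inside a window in which kernel write protection is lifted. Keeping two complete constant tables, one with and one without the channel-context handlers, and choosing between them at registration would avoid both; if the in-place patch stays, a comment above `pax_open_kernel()` should state that it runs once during initialisation, if that is the case. `il3945_mac_ops.hw_scan = NULL` in drivers/net/wireless/iwlegacy/3945-mac.c uses the same pattern. The enclosing function starts outside this hunk.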
1669diff -Naur backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c
1670--- backports-4.2.6-1.org/drivers/net/wireless/b43/phy_lp.c 2015-11-15 22:19:39.000000000 +0100
1671+++ backports-4.2.6-1/drivers/net/wireless/b43/phy_lp.c 2016-01-27 12:26:21.289959656 +0100
1672@@ -2502,7 +2502,7 @@
1673 {
1674 struct ssb_bus *bus = dev->dev->sdev->bus;
1675
1676- static const struct b206x_channel *chandata = NULL;
1677+ const struct b206x_channel *chandata = NULL;
1678 u32 crystal_freq = bus->chipco.pmu.crystalfreq * 1000;
1679 u32 freqref, vco_freq, val1, val2, val3, timeout, timeoutref, count;
1680 u16 old_comm15, scale;
23588859
AF
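diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c
--- backports-4.2.6-1.org/drivers/net/wireless/iwlegacy/3945-mac.c 2015-11-15 22:19:40.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/iwlegacy/3945-mac.c 2016-01-27 12:26:21.289959656 +0100
@@ -3633,7 +3633,9 @@
 */
 if (il3945_mod_params.disable_hw_scan) {
 D_INFO("Disabling hw_scan\n");
- il3945_mac_ops.hw_scan = NULL;
+ pax_open_kernel();
+ *(void **)&il3945_mac_ops.hw_scan = NULL;
+ pax_close_kernel();
 }
 
 D_INFO("*** LOAD DRIVER ***\n");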
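Review bot: The added `*(void **)&il3945_mac_ops.hw_scan = NULL;` stores through a `void **` cast, so the compiler no longer checks the assigned value against the member's function-pointer type; a handler whose signature drifts from the ops prototype would still compile. The same cast is used for every store in the mac80211_hwsim.c, wl1251/sdio.c, wl12xx/main.c and wl18xx/main.c sections, and mac80211_hwsim.c additionally casts the destination of its `memcpy` to `void *`. Each site would also benefit from a one-line comment such as `/* ops table is presumably read-only on PaX kernels; keep only the stores inside the open/close window */`, because `pax_open_kernel()` and `pax_close_kernel()` are not defined in the visible patch and the reason for the window is not stated. The enclosing function starts and ends outside the hunk.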
23588859
AF
1695diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c
1696--- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2015-11-15 22:19:39.000000000 +0100
1697+++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/dvm/debugfs.c 2016-01-27 12:26:21.289959656 +0100
91e56a59
AF
1698@@ -188,7 +188,7 @@
1699 {
1700 struct iwl_priv *priv = file->private_data;
1701 char buf[64];
1702- int buf_size;
1703+ size_t buf_size;
1704 u32 offset, len;
1705
1706 memset(buf, 0, sizeof(buf));
1707@@ -458,7 +458,7 @@
1708 struct iwl_priv *priv = file->private_data;
1709
1710 char buf[8];
1711- int buf_size;
1712+ size_t buf_size;
1713 u32 reset_flag;
1714
1715 memset(buf, 0, sizeof(buf));
1716@@ -539,7 +539,7 @@
1717 {
1718 struct iwl_priv *priv = file->private_data;
1719 char buf[8];
1720- int buf_size;
1721+ size_t buf_size;
1722 int ht40;
1723
1724 memset(buf, 0, sizeof(buf));
1725@@ -591,7 +591,7 @@
1726 {
1727 struct iwl_priv *priv = file->private_data;
1728 char buf[8];
1729- int buf_size;
1730+ size_t buf_size;
1731 int value;
1732
1733 memset(buf, 0, sizeof(buf));
1734@@ -683,10 +683,10 @@
1735 DEBUGFS_READ_WRITE_FILE_OPS(sleep_level_override);
1736 DEBUGFS_READ_FILE_OPS(current_sleep_command);
1737
1738-static const char *fmt_value = " %-30s %10u\n";
1739-static const char *fmt_hex = " %-30s 0x%02X\n";
1740-static const char *fmt_table = " %-30s %10u %10u %10u %10u\n";
1741-static const char *fmt_header =
1742+static const char fmt_value[] = " %-30s %10u\n";
1743+static const char fmt_hex[] = " %-30s 0x%02X\n";
1744+static const char fmt_table[] = " %-30s %10u %10u %10u %10u\n";
1745+static const char fmt_header[] =
1746 "%-32s current cumulative delta max\n";
1747
1748 static int iwl_statistics_flag(struct iwl_priv *priv, char *buf, int bufsz)
1749@@ -1856,7 +1856,7 @@
1750 {
1751 struct iwl_priv *priv = file->private_data;
1752 char buf[8];
1753- int buf_size;
1754+ size_t buf_size;
1755 int clear;
1756
1757 memset(buf, 0, sizeof(buf));
1758@@ -1901,7 +1901,7 @@
1759 {
1760 struct iwl_priv *priv = file->private_data;
1761 char buf[8];
1762- int buf_size;
1763+ size_t buf_size;
1764 int trace;
1765
1766 memset(buf, 0, sizeof(buf));
1767@@ -1972,7 +1972,7 @@
1768 {
1769 struct iwl_priv *priv = file->private_data;
1770 char buf[8];
1771- int buf_size;
1772+ size_t buf_size;
1773 int missed;
1774
1775 memset(buf, 0, sizeof(buf));
1776@@ -2013,7 +2013,7 @@
1777
1778 struct iwl_priv *priv = file->private_data;
1779 char buf[8];
1780- int buf_size;
1781+ size_t buf_size;
1782 int plcp;
1783
1784 memset(buf, 0, sizeof(buf));
1785@@ -2073,7 +2073,7 @@
1786
1787 struct iwl_priv *priv = file->private_data;
1788 char buf[8];
1789- int buf_size;
1790+ size_t buf_size;
1791 int flush;
1792
1793 memset(buf, 0, sizeof(buf));
1794@@ -2163,7 +2163,7 @@
1795
1796 struct iwl_priv *priv = file->private_data;
1797 char buf[8];
1798- int buf_size;
1799+ size_t buf_size;
1800 int rts;
1801
1802 if (!priv->cfg->ht_params)
1803@@ -2204,7 +2204,7 @@
1804 {
1805 struct iwl_priv *priv = file->private_data;
1806 char buf[8];
1807- int buf_size;
1808+ size_t buf_size;
1809
1810 memset(buf, 0, sizeof(buf));
1811 buf_size = min(count, sizeof(buf) - 1);
1812@@ -2238,7 +2238,7 @@
1813 struct iwl_priv *priv = file->private_data;
1814 u32 event_log_flag;
1815 char buf[8];
1816- int buf_size;
1817+ size_t buf_size;
1818
1819 /* check that the interface is up */
1820 if (!iwl_is_ready(priv))
1821@@ -2292,7 +2292,7 @@
1822 struct iwl_priv *priv = file->private_data;
1823 char buf[8];
1824 u32 calib_disabled;
1825- int buf_size;
1826+ size_t buf_size;
1827
1828 memset(buf, 0, sizeof(buf));
1829 buf_size = min(count, sizeof(buf) - 1);
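Review bot: Only the declaration of `buf_size` changes from `int` to `size_t` in these hunks, and its use, `buf_size = min(count, sizeof(buf) - 1);`, is visible in just two of them (the hunks at -2204 and -2292); the other function bodies lie outside the hunks. Each of those bodies should be checked for a signed use of `buf_size`, such as a `< 0` test or a `%d` format argument, which would silently change meaning with the unsigned type. The two `buf_size` hunks in iwlwifi/pcie/trans.c need the same check.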
23588859
AF
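diff -Naur backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c
--- backports-4.2.6-1.org/drivers/net/wireless/iwlwifi/pcie/trans.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/iwlwifi/pcie/trans.c 2016-01-27 12:26:21.289959656 +0100
@@ -1950,7 +1950,7 @@
 struct isr_statistics *isr_stats = &trans_pcie->isr_stats;
 
 char buf[8];
- int buf_size;
+ size_t buf_size;
 u32 reset_flag;
 
 memset(buf, 0, sizeof(buf));
@@ -1971,7 +1971,7 @@
 {
 struct iwl_trans *trans = file->private_data;
 char buf[8];
- int buf_size;
+ size_t buf_size;
 int csr;
 
 memset(buf, 0, sizeof(buf));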
23588859
AF
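diff -Naur backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c
--- backports-4.2.6-1.org/drivers/net/wireless/mac80211_hwsim.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/mac80211_hwsim.c 2016-01-27 12:26:21.289959656 +0100
@@ -3150,20 +3150,20 @@
 if (channels < 1)
 return -EINVAL;
 
- mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
- mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
- mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
- mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
- mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
- mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
- mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
- mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
- mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
- mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
- mac80211_hwsim_mchan_ops.assign_vif_chanctx =
- mac80211_hwsim_assign_vif_chanctx;
- mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
- mac80211_hwsim_unassign_vif_chanctx;
+ pax_open_kernel();
+ memcpy((void *)&mac80211_hwsim_mchan_ops, &mac80211_hwsim_ops, sizeof mac80211_hwsim_mchan_ops);
+ *(void **)&mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
+ *(void **)&mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
+ *(void **)&mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
+ *(void **)&mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
+ *(void **)&mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
+ *(void **)&mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
+ *(void **)&mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
+ *(void **)&mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
+ *(void **)&mac80211_hwsim_mchan_ops.assign_vif_chanctx = mac80211_hwsim_assign_vif_chanctx;
+ *(void **)&mac80211_hwsim_mchan_ops.unassign_vif_chanctx = mac80211_hwsim_unassign_vif_chanctx;
+ pax_close_kernel();
 
 spin_lock_init(&hwsim_radio_lock);
 INIT_LIST_HEAD(&hwsim_radios);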
23588859
AF
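diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c
--- backports-4.2.6-1.org/drivers/net/wireless/rndis_wlan.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/rndis_wlan.c 2016-01-27 12:26:21.293292990 +0100
@@ -1236,7 +1236,7 @@
 
 netdev_dbg(usbdev->net, "%s(): %i\n", __func__, rts_threshold);
 
- if (rts_threshold < 0 || rts_threshold > 2347)
+ if (rts_threshold > 2347)
 rts_threshold = 2347;
 
 tmp = cpu_to_le32(rts_threshold);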
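Review bot: Dropping `rts_threshold < 0` is only safe if `rts_threshold` has an unsigned type, and its declaration is outside the hunk. If it is unsigned, the `netdev_dbg` call two lines above still prints it with `%i` and should use `%u`; if it is signed, a negative value now passes the clamp and reaches `cpu_to_le32()` unchanged. A short comment on the check, e.g. `/* rts_threshold is unsigned, only the upper bound needs clamping */`, would record which case applies.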
23588859
AF
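diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h
--- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00.h 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00.h 2016-01-27 12:26:21.293292990 +0100
@@ -375,7 +375,7 @@
 * for hardware which doesn't support hardware
 * sequence counting.
 */
- atomic_t seqno;
+ atomic_unchecked_t seqno;
 };
 
 static inline struct rt2x00_intf* vif_to_intf(struct ieee80211_vif *vif)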
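Review bot: `seqno` is switched to `atomic_unchecked_t` while the comment above it says nothing about why; presumably the sequence counter is expected to wrap, which an overflow-checked `atomic_t` on a PaX kernel would flag. Extend the existing comment with one line, e.g. `* Wraps by design, hence the unchecked atomic type.`. The `atomic_add_return_unchecked()` and `atomic_read_unchecked()` calls in the rt2x00queue.c section depend on this declaration and have to change together with it. The struct that holds `seqno` begins outside the hunk.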
23588859
AF
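diff -Naur backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c
--- backports-4.2.6-1.org/drivers/net/wireless/rt2x00/rt2x00queue.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/rt2x00/rt2x00queue.c 2016-01-27 12:26:21.293292990 +0100
@@ -224,9 +224,9 @@
 * sequence counter given by mac80211.
 */
 if (test_bit(ENTRY_TXD_FIRST_FRAGMENT, &txdesc->flags))
- seqno = atomic_add_return(0x10, &intf->seqno);
+ seqno = atomic_add_return_unchecked(0x10, &intf->seqno);
 else
- seqno = atomic_read(&intf->seqno);
+ seqno = atomic_read_unchecked(&intf->seqno);
 
 hdr->seq_ctrl &= cpu_to_le16(IEEE80211_SCTL_FRAG);
 hdr->seq_ctrl |= cpu_to_le16(seqno);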
23588859
AF
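diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c
--- backports-4.2.6-1.org/drivers/net/wireless/ti/wl1251/sdio.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/ti/wl1251/sdio.c 2016-01-27 12:26:21.293292990 +0100
@@ -282,13 +282,17 @@
 
 irq_set_irq_type(wl->irq, IRQ_TYPE_EDGE_RISING);
 
- wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
- wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
+ pax_open_kernel();
+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_enable_line_irq;
+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_disable_line_irq;
+ pax_close_kernel();
 
 wl1251_info("using dedicated interrupt line");
 } else {
- wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
- wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
+ pax_open_kernel();
+ *(void **)&wl1251_sdio_ops.enable_irq = wl1251_sdio_enable_irq;
+ *(void **)&wl1251_sdio_ops.disable_irq = wl1251_sdio_disable_irq;
+ pax_close_kernel();
 
 wl1251_info("using SDIO interrupt");
 }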
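Review bot: `wl1251_sdio_ops.enable_irq` and `.disable_irq` are stored into what the member syntax suggests is a single file-scope ops table, on a path that depends on one device's interrupt setup (`wl->irq`). If two devices are set up with different interrupt configurations, the later one would overwrite the handlers the earlier one uses; the patch keeps that behaviour and only wraps the stores in `pax_open_kernel()`/`pax_close_kernel()`. A per-device copy of the table, or two constant tables selected on this path, would remove both the shared state and the need to reopen kernel memory here. The `if` that selects between the two branches begins outside the hunk.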
23588859
AF
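diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c
--- backports-4.2.6-1.org/drivers/net/wireless/ti/wl12xx/main.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/ti/wl12xx/main.c 2016-01-27 12:26:21.293292990 +0100
@@ -655,7 +655,9 @@
 sizeof(wl->conf.mem));
 
 /* read data preparation is only needed by wl127x */
- wl->ops->prepare_read = wl127x_prepare_read;
+ pax_open_kernel();
+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
+ pax_close_kernel();
 
 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,
@@ -680,7 +682,9 @@
 sizeof(wl->conf.mem));
 
 /* read data preparation is only needed by wl127x */
- wl->ops->prepare_read = wl127x_prepare_read;
+ pax_open_kernel();
+ *(void **)&wl->ops->prepare_read = wl127x_prepare_read;
+ pax_close_kernel();
 
 wlcore_set_min_fw_ver(wl, WL127X_CHIP_VER,
 WL127X_IFTYPE_SR_VER, WL127X_MAJOR_SR_VER,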
23588859
AF
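diff -Naur backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c
--- backports-4.2.6-1.org/drivers/net/wireless/ti/wl18xx/main.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/ti/wl18xx/main.c 2016-01-27 12:26:21.293292990 +0100
@@ -1952,8 +1952,10 @@
 }
 
 if (!checksum_param) {
- wl18xx_ops.set_rx_csum = NULL;
- wl18xx_ops.init_vif = NULL;
+ pax_open_kernel();
+ *(void **)&wl18xx_ops.set_rx_csum = NULL;
+ *(void **)&wl18xx_ops.init_vif = NULL;
+ pax_close_kernel();
 }
 
 /* Enable 11a Band only if we have 5G antennas */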
23588859
AF
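diff -Naur backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c
--- backports-4.2.6-1.org/drivers/net/wireless/zd1211rw/zd_usb.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/net/wireless/zd1211rw/zd_usb.c 2016-01-27 12:26:21.293292990 +0100
@@ -385,7 +385,7 @@
 {
 struct zd_usb *usb = urb->context;
 struct zd_usb_interrupt *intr = &usb->intr;
- int len;
+ unsigned int len;
 u16 int_num;
 
 ZD_ASSERT(in_interrupt());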
23588859
AF
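diff -Naur backports-4.2.6-1.org/drivers/nfc/nfcwilink.c backports-4.2.6-1/drivers/nfc/nfcwilink.c
--- backports-4.2.6-1.org/drivers/nfc/nfcwilink.c 2015-11-15 22:19:39.000000000 +0100
+++ backports-4.2.6-1/drivers/nfc/nfcwilink.c 2016-01-27 12:26:21.293292990 +0100
@@ -497,7 +497,7 @@
 
 static int nfcwilink_probe(struct platform_device *pdev)
 {
- static struct nfcwilink *drv;
+ struct nfcwilink *drv;
 int rc;
 __u32 protocols;
 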
23588859
AF
2018diff -Naur backports-4.2.6-1.org/include/linux/gracl_compat.h backports-4.2.6-1/include/linux/gracl_compat.h
2019--- backports-4.2.6-1.org/include/linux/gracl_compat.h 1970-01-01 01:00:00.000000000 +0100
2020+++ backports-4.2.6-1/include/linux/gracl_compat.h 2016-01-27 12:26:26.289959354 +0100
91e56a59
AF
2021@@ -0,0 +1,156 @@
2022+#ifndef GR_ACL_COMPAT_H
2023+#define GR_ACL_COMPAT_H
2024+
2025+#include <linux/resource.h>
2026+#include <asm/resource.h>
2027+
2028+struct sprole_pw_compat {
2029+ compat_uptr_t rolename;
2030+ unsigned char salt[GR_SALT_LEN];
2031+ unsigned char sum[GR_SHA_LEN];
2032+};
2033+
2034+struct gr_hash_struct_compat {
2035+ compat_uptr_t table;
2036+ compat_uptr_t nametable;
2037+ compat_uptr_t first;
2038+ __u32 table_size;
2039+ __u32 used_size;
2040+ int type;
2041+};
2042+
2043+struct acl_subject_label_compat {
2044+ compat_uptr_t filename;
23588859 2045+ compat_u64 inode;
91e56a59
AF
2046+ __u32 device;
2047+ __u32 mode;
2048+ kernel_cap_t cap_mask;
2049+ kernel_cap_t cap_lower;
2050+ kernel_cap_t cap_invert_audit;
2051+
2052+ struct compat_rlimit res[GR_NLIMITS];
2053+ __u32 resmask;
2054+
2055+ __u8 user_trans_type;
2056+ __u8 group_trans_type;
2057+ compat_uptr_t user_transitions;
2058+ compat_uptr_t group_transitions;
2059+ __u16 user_trans_num;
2060+ __u16 group_trans_num;
2061+
2062+ __u32 sock_families[2];
2063+ __u32 ip_proto[8];
2064+ __u32 ip_type;
2065+ compat_uptr_t ips;
2066+ __u32 ip_num;
2067+ __u32 inaddr_any_override;
2068+
2069+ __u32 crashes;
2070+ compat_ulong_t expires;
2071+
2072+ compat_uptr_t parent_subject;
2073+ compat_uptr_t hash;
2074+ compat_uptr_t prev;
2075+ compat_uptr_t next;
2076+
2077+ compat_uptr_t obj_hash;
2078+ __u32 obj_hash_size;
2079+ __u16 pax_flags;
2080+};
2081+
2082+struct role_allowed_ip_compat {
2083+ __u32 addr;
2084+ __u32 netmask;
2085+
2086+ compat_uptr_t prev;
2087+ compat_uptr_t next;
2088+};
2089+
2090+struct role_transition_compat {
2091+ compat_uptr_t rolename;
2092+
2093+ compat_uptr_t prev;
2094+ compat_uptr_t next;
2095+};
2096+
2097+struct acl_role_label_compat {
2098+ compat_uptr_t rolename;
2099+ uid_t uidgid;
2100+ __u16 roletype;
2101+
2102+ __u16 auth_attempts;
2103+ compat_ulong_t expires;
2104+
2105+ compat_uptr_t root_label;
2106+ compat_uptr_t hash;
2107+
2108+ compat_uptr_t prev;
2109+ compat_uptr_t next;
2110+
2111+ compat_uptr_t transitions;
2112+ compat_uptr_t allowed_ips;
2113+ compat_uptr_t domain_children;
2114+ __u16 domain_child_num;
2115+
2116+ umode_t umask;
2117+
2118+ compat_uptr_t subj_hash;
2119+ __u32 subj_hash_size;
2120+};
2121+
2122+struct user_acl_role_db_compat {
2123+ compat_uptr_t r_table;
2124+ __u32 num_pointers;
2125+ __u32 num_roles;
2126+ __u32 num_domain_children;
2127+ __u32 num_subjects;
2128+ __u32 num_objects;
2129+};
2130+
2131+struct acl_object_label_compat {
2132+ compat_uptr_t filename;
23588859 2133+ compat_u64 inode;
91e56a59
AF
2134+ __u32 device;
2135+ __u32 mode;
2136+
2137+ compat_uptr_t nested;
2138+ compat_uptr_t globbed;
2139+
2140+ compat_uptr_t prev;
2141+ compat_uptr_t next;
2142+};
2143+
2144+struct acl_ip_label_compat {
2145+ compat_uptr_t iface;
2146+ __u32 addr;
2147+ __u32 netmask;
2148+ __u16 low, high;
2149+ __u8 mode;
2150+ __u32 type;
2151+ __u32 proto[8];
2152+
2153+ compat_uptr_t prev;
2154+ compat_uptr_t next;
2155+};
2156+
2157+struct gr_arg_compat {
2158+ struct user_acl_role_db_compat role_db;
2159+ unsigned char pw[GR_PW_LEN];
2160+ unsigned char salt[GR_SALT_LEN];
2161+ unsigned char sum[GR_SHA_LEN];
2162+ unsigned char sp_role[GR_SPROLE_LEN];
2163+ compat_uptr_t sprole_pws;
2164+ __u32 segv_device;
23588859 2165+ compat_u64 segv_inode;
91e56a59
AF
2166+ uid_t segv_uid;
2167+ __u16 num_sprole_pws;
2168+ __u16 mode;
2169+};
2170+
2171+struct gr_arg_wrapper_compat {
2172+ compat_uptr_t arg;
2173+ __u32 version;
2174+ __u32 size;
2175+};
2176+
2177+#endif
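Review bot: The new header is not self-contained: it uses `compat_uptr_t`, `compat_ulong_t`, `compat_u64`, `struct compat_rlimit`, `kernel_cap_t` and the `GR_*_LEN` / `GR_NLIMITS` constants, but includes only `<linux/resource.h>` and `<asm/resource.h>`. Adding `#include <linux/compat.h>`, `#include <linux/capability.h>` and `#include <linux/gracl.h>` would stop it depending on the includer's include order. A header comment should also say that these structures appear to mirror layouts supplied by 32-bit user space, so every `compat_uptr_t` and every count or size field (`num_sprole_pws`, `gr_arg_wrapper_compat.size`, the `*_num` members) has to be treated as untrusted until the consumer has validated it.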
23588859
AF
2178diff -Naur backports-4.2.6-1.org/include/linux/gracl.h backports-4.2.6-1/include/linux/gracl.h
2179--- backports-4.2.6-1.org/include/linux/gracl.h 1970-01-01 01:00:00.000000000 +0100
2180+++ backports-4.2.6-1/include/linux/gracl.h 2016-01-27 12:26:26.289959354 +0100
2181@@ -0,0 +1,342 @@
91e56a59
AF
2182+#ifndef GR_ACL_H
2183+#define GR_ACL_H
2184+
2185+#include <linux/grdefs.h>
2186+#include <linux/resource.h>
2187+#include <linux/capability.h>
2188+#include <linux/dcache.h>
2189+#include <asm/resource.h>
2190+
2191+/* Major status information */
2192+
23588859
AF
2193+#define GR_VERSION "grsecurity 3.1"
2194+#define GRSECURITY_VERSION 0x3100
91e56a59
AF
2195+
2196+enum {
2197+ GR_SHUTDOWN = 0,
2198+ GR_ENABLE = 1,
2199+ GR_SPROLE = 2,
2200+ GR_OLDRELOAD = 3,
2201+ GR_SEGVMOD = 4,
2202+ GR_STATUS = 5,
2203+ GR_UNSPROLE = 6,
2204+ GR_PASSSET = 7,
2205+ GR_SPROLEPAM = 8,
2206+ GR_RELOAD = 9,
2207+};
2208+
2209+/* Password setup definitions
2210+ * kernel/grhash.c */
2211+enum {
2212+ GR_PW_LEN = 128,
2213+ GR_SALT_LEN = 16,
2214+ GR_SHA_LEN = 32,
2215+};
2216+
2217+enum {
2218+ GR_SPROLE_LEN = 64,
2219+};
2220+
2221+enum {
2222+ GR_NO_GLOB = 0,
2223+ GR_REG_GLOB,
2224+ GR_CREATE_GLOB
2225+};
2226+
2227+#define GR_NLIMITS 32
2228+
2229+/* Begin Data Structures */
2230+
2231+struct sprole_pw {
2232+ unsigned char *rolename;
2233+ unsigned char salt[GR_SALT_LEN];
2234+ unsigned char sum[GR_SHA_LEN]; /* 256-bit SHA hash of the password */
2235+};
2236+
2237+struct name_entry {
2238+ __u32 key;
23588859 2239+ u64 inode;
91e56a59
AF
2240+ dev_t device;
2241+ char *name;
2242+ __u16 len;
2243+ __u8 deleted;
2244+ struct name_entry *prev;
2245+ struct name_entry *next;
2246+};
2247+
2248+struct inodev_entry {
2249+ struct name_entry *nentry;
2250+ struct inodev_entry *prev;
2251+ struct inodev_entry *next;
2252+};
2253+
2254+struct acl_role_db {
2255+ struct acl_role_label **r_hash;
2256+ __u32 r_size;
2257+};
2258+
2259+struct inodev_db {
2260+ struct inodev_entry **i_hash;
2261+ __u32 i_size;
2262+};
2263+
2264+struct name_db {
2265+ struct name_entry **n_hash;
2266+ __u32 n_size;
2267+};
2268+
2269+struct crash_uid {
2270+ uid_t uid;
2271+ unsigned long expires;
2272+};
2273+
2274+struct gr_hash_struct {
2275+ void **table;
2276+ void **nametable;
2277+ void *first;
2278+ __u32 table_size;
2279+ __u32 used_size;
2280+ int type;
2281+};
2282+
2283+/* Userspace Grsecurity ACL data structures */
2284+
2285+struct acl_subject_label {
2286+ char *filename;
23588859 2287+ u64 inode;
91e56a59
AF
2288+ dev_t device;
2289+ __u32 mode;
2290+ kernel_cap_t cap_mask;
2291+ kernel_cap_t cap_lower;
2292+ kernel_cap_t cap_invert_audit;
2293+
2294+ struct rlimit res[GR_NLIMITS];
2295+ __u32 resmask;
2296+
2297+ __u8 user_trans_type;
2298+ __u8 group_trans_type;
2299+ uid_t *user_transitions;
2300+ gid_t *group_transitions;
2301+ __u16 user_trans_num;
2302+ __u16 group_trans_num;
2303+
2304+ __u32 sock_families[2];
2305+ __u32 ip_proto[8];
2306+ __u32 ip_type;
2307+ struct acl_ip_label **ips;
2308+ __u32 ip_num;
2309+ __u32 inaddr_any_override;
2310+
2311+ __u32 crashes;
2312+ unsigned long expires;
2313+
2314+ struct acl_subject_label *parent_subject;
2315+ struct gr_hash_struct *hash;
2316+ struct acl_subject_label *prev;
2317+ struct acl_subject_label *next;
2318+
2319+ struct acl_object_label **obj_hash;
2320+ __u32 obj_hash_size;
2321+ __u16 pax_flags;
2322+};
2323+
2324+struct role_allowed_ip {
2325+ __u32 addr;
2326+ __u32 netmask;
2327+
2328+ struct role_allowed_ip *prev;
2329+ struct role_allowed_ip *next;
2330+};
2331+
2332+struct role_transition {
2333+ char *rolename;
2334+
2335+ struct role_transition *prev;
2336+ struct role_transition *next;
2337+};
2338+
2339+struct acl_role_label {
2340+ char *rolename;
2341+ uid_t uidgid;
2342+ __u16 roletype;
2343+
2344+ __u16 auth_attempts;
2345+ unsigned long expires;
2346+
2347+ struct acl_subject_label *root_label;
2348+ struct gr_hash_struct *hash;
2349+
2350+ struct acl_role_label *prev;
2351+ struct acl_role_label *next;
2352+
2353+ struct role_transition *transitions;
2354+ struct role_allowed_ip *allowed_ips;
2355+ uid_t *domain_children;
2356+ __u16 domain_child_num;
2357+
2358+ umode_t umask;
2359+
2360+ struct acl_subject_label **subj_hash;
2361+ __u32 subj_hash_size;
2362+};
2363+
2364+struct user_acl_role_db {
2365+ struct acl_role_label **r_table;
2366+ __u32 num_pointers; /* Number of allocations to track */
2367+ __u32 num_roles; /* Number of roles */
2368+ __u32 num_domain_children; /* Number of domain children */
2369+ __u32 num_subjects; /* Number of subjects */
2370+ __u32 num_objects; /* Number of objects */
2371+};
2372+
2373+struct acl_object_label {
2374+ char *filename;
23588859 2375+ u64 inode;
91e56a59
AF
2376+ dev_t device;
2377+ __u32 mode;
2378+
2379+ struct acl_subject_label *nested;
2380+ struct acl_object_label *globbed;
2381+
2382+ /* next two structures not used */
2383+
2384+ struct acl_object_label *prev;
2385+ struct acl_object_label *next;
2386+};
2387+
2388+struct acl_ip_label {
2389+ char *iface;
2390+ __u32 addr;
2391+ __u32 netmask;
2392+ __u16 low, high;
2393+ __u8 mode;
2394+ __u32 type;
2395+ __u32 proto[8];
2396+
2397+ /* next two structures not used */
2398+
2399+ struct acl_ip_label *prev;
2400+ struct acl_ip_label *next;
2401+};
2402+
2403+struct gr_arg {
2404+ struct user_acl_role_db role_db;
2405+ unsigned char pw[GR_PW_LEN];
2406+ unsigned char salt[GR_SALT_LEN];
2407+ unsigned char sum[GR_SHA_LEN];
2408+ unsigned char sp_role[GR_SPROLE_LEN];
2409+ struct sprole_pw *sprole_pws;
2410+ dev_t segv_device;
23588859 2411+ u64 segv_inode;
91e56a59
AF
2412+ uid_t segv_uid;
2413+ __u16 num_sprole_pws;
2414+ __u16 mode;
2415+};
2416+
2417+struct gr_arg_wrapper {
2418+ struct gr_arg *arg;
2419+ __u32 version;
2420+ __u32 size;
2421+};
2422+
2423+struct subject_map {
2424+ struct acl_subject_label *user;
2425+ struct acl_subject_label *kernel;
2426+ struct subject_map *prev;
2427+ struct subject_map *next;
2428+};
2429+
2430+struct acl_subj_map_db {
2431+ struct subject_map **s_hash;
2432+ __u32 s_size;
2433+};
2434+
2435+struct gr_policy_state {
2436+ struct sprole_pw **acl_special_roles;
2437+ __u16 num_sprole_pws;
2438+ struct acl_role_label *kernel_role;
2439+ struct acl_role_label *role_list;
2440+ struct acl_role_label *default_role;
2441+ struct acl_role_db acl_role_set;
2442+ struct acl_subj_map_db subj_map_set;
2443+ struct name_db name_set;
2444+ struct inodev_db inodev_set;
2445+};
2446+
2447+struct gr_alloc_state {
2448+ unsigned long alloc_stack_next;
2449+ unsigned long alloc_stack_size;
2450+ void **alloc_stack;
2451+};
2452+
2453+struct gr_reload_state {
2454+ struct gr_policy_state oldpolicy;
2455+ struct gr_alloc_state oldalloc;
2456+ struct gr_policy_state newpolicy;
2457+ struct gr_alloc_state newalloc;
2458+ struct gr_policy_state *oldpolicy_ptr;
2459+ struct gr_alloc_state *oldalloc_ptr;
2460+ unsigned char oldmode;
2461+};
2462+
2463+/* End Data Structures Section */
2464+
2465+/* Hash functions generated by empirical testing by Brad Spengler
2466+ Makes good use of the low bits of the inode. Generally 0-1 times
2467+ in loop for successful match. 0-3 for unsuccessful match.
2468+ Shift/add algorithm with modulus of table size and an XOR*/
2469+
2470+static __inline__ unsigned int
2471+gr_rhash(const uid_t uid, const __u16 type, const unsigned int sz)
2472+{
2473+ return ((((uid + type) << (16 + type)) ^ uid) % sz);
2474+}
2475+
2476+ static __inline__ unsigned int
2477+gr_shash(const struct acl_subject_label *userp, const unsigned int sz)
2478+{
2479+ return ((const unsigned long)userp % sz);
2480+}
2481+
2482+static __inline__ unsigned int
23588859 2483+gr_fhash(const u64 ino, const dev_t dev, const unsigned int sz)
91e56a59 2484+{
23588859
AF
2485+ unsigned int rem;
2486+ div_u64_rem((ino + dev) ^ ((ino << 13) + (ino << 23) + (dev << 9)), sz, &rem);
2487+ return rem;
91e56a59
AF
2488+}
2489+
2490+static __inline__ unsigned int
2491+gr_nhash(const char *name, const __u16 len, const unsigned int sz)
2492+{
2493+ return full_name_hash((const unsigned char *)name, len) % sz;
2494+}
2495+
2496+#define FOR_EACH_SUBJECT_START(role,subj,iter) \
2497+ subj = NULL; \
2498+ iter = 0; \
2499+ while (iter < role->subj_hash_size) { \
2500+ if (subj == NULL) \
2501+ subj = role->subj_hash[iter]; \
2502+ if (subj == NULL) { \
2503+ iter++; \
2504+ continue; \
2505+ }
2506+
2507+#define FOR_EACH_SUBJECT_END(subj,iter) \
2508+ subj = subj->next; \
2509+ if (subj == NULL) \
2510+ iter++; \
2511+ }
2512+
2513+
2514+#define FOR_EACH_NESTED_SUBJECT_START(role,subj) \
2515+ subj = role->hash->first; \
2516+ while (subj != NULL) {
2517+
2518+#define FOR_EACH_NESTED_SUBJECT_END(subj) \
2519+ subj = subj->next; \
2520+ }
2521+
2522+#endif
2523+
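Review bot: `gr_rhash()` shifts by `16 + type` with `type` an unbounded `__u16`, so any `type` of 16 or more shifts a 32-bit operand by its full width or beyond, which is undefined behaviour; the role flags in grdefs.h go up to `GR_ROLE_PERSIST = 0x0800`. All four hash helpers also reduce modulo `sz` (`% sz`, or `div_u64_rem(..., sz, &rem)` in `gr_fhash()`) with no guard against `sz == 0`. If callers guarantee both conditions, state it in the comment above the functions, e.g. `/* callers must pass type < 16 and a non-zero table size */`; otherwise the inputs should be rejected or masked before hashing.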
23588859
AF
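diff -Naur backports-4.2.6-1.org/include/linux/gralloc.h backports-4.2.6-1/include/linux/gralloc.h
--- backports-4.2.6-1.org/include/linux/gralloc.h 1970-01-01 01:00:00.000000000 +0100
+++ backports-4.2.6-1/include/linux/gralloc.h 2016-01-27 12:26:26.289959354 +0100
@@ -0,0 +1,9 @@
+#ifndef __GRALLOC_H
+#define __GRALLOC_H
+
+void acl_free_all(void);
+int acl_alloc_stack_init(unsigned long size);
+void *acl_alloc(unsigned long len);
+void *acl_alloc_num(unsigned long num, unsigned long len);
+
+#endif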
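Review bot: The four prototypes carry no documentation, and `acl_alloc_num(num, len)` takes two `unsigned long` factors whose product can overflow; the implementation is not part of this section, so whether it checks is not visible here. Put the contract on the declaration, e.g. `/* returns NULL if num * len overflows or the allocation fails */`, and confirm the implementation enforces it. `acl_alloc_stack_init()` should likewise say what its `int` return means and what `size` counts.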
23588859
AF
2537diff -Naur backports-4.2.6-1.org/include/linux/grdefs.h backports-4.2.6-1/include/linux/grdefs.h
2538--- backports-4.2.6-1.org/include/linux/grdefs.h 1970-01-01 01:00:00.000000000 +0100
2539+++ backports-4.2.6-1/include/linux/grdefs.h 2016-01-27 12:26:26.289959354 +0100
91e56a59
AF
2540@@ -0,0 +1,140 @@
2541+#ifndef GRDEFS_H
2542+#define GRDEFS_H
2543+
2544+/* Begin grsecurity status declarations */
2545+
2546+enum {
2547+ GR_READY = 0x01,
2548+ GR_STATUS_INIT = 0x00 // disabled state
2549+};
2550+
2551+/* Begin ACL declarations */
2552+
2553+/* Role flags */
2554+
2555+enum {
2556+ GR_ROLE_USER = 0x0001,
2557+ GR_ROLE_GROUP = 0x0002,
2558+ GR_ROLE_DEFAULT = 0x0004,
2559+ GR_ROLE_SPECIAL = 0x0008,
2560+ GR_ROLE_AUTH = 0x0010,
2561+ GR_ROLE_NOPW = 0x0020,
2562+ GR_ROLE_GOD = 0x0040,
2563+ GR_ROLE_LEARN = 0x0080,
2564+ GR_ROLE_TPE = 0x0100,
2565+ GR_ROLE_DOMAIN = 0x0200,
2566+ GR_ROLE_PAM = 0x0400,
2567+ GR_ROLE_PERSIST = 0x0800
2568+};
2569+
2570+/* ACL Subject and Object mode flags */
2571+enum {
2572+ GR_DELETED = 0x80000000
2573+};
2574+
2575+/* ACL Object-only mode flags */
2576+enum {
2577+ GR_READ = 0x00000001,
2578+ GR_APPEND = 0x00000002,
2579+ GR_WRITE = 0x00000004,
2580+ GR_EXEC = 0x00000008,
2581+ GR_FIND = 0x00000010,
2582+ GR_INHERIT = 0x00000020,
2583+ GR_SETID = 0x00000040,
2584+ GR_CREATE = 0x00000080,
2585+ GR_DELETE = 0x00000100,
2586+ GR_LINK = 0x00000200,
2587+ GR_AUDIT_READ = 0x00000400,
2588+ GR_AUDIT_APPEND = 0x00000800,
2589+ GR_AUDIT_WRITE = 0x00001000,
2590+ GR_AUDIT_EXEC = 0x00002000,
2591+ GR_AUDIT_FIND = 0x00004000,
2592+ GR_AUDIT_INHERIT= 0x00008000,
2593+ GR_AUDIT_SETID = 0x00010000,
2594+ GR_AUDIT_CREATE = 0x00020000,
2595+ GR_AUDIT_DELETE = 0x00040000,
2596+ GR_AUDIT_LINK = 0x00080000,
2597+ GR_PTRACERD = 0x00100000,
2598+ GR_NOPTRACE = 0x00200000,
2599+ GR_SUPPRESS = 0x00400000,
2600+ GR_NOLEARN = 0x00800000,
2601+ GR_INIT_TRANSFER= 0x01000000
2602+};
2603+
2604+#define GR_AUDITS (GR_AUDIT_READ | GR_AUDIT_WRITE | GR_AUDIT_APPEND | GR_AUDIT_EXEC | \
2605+ GR_AUDIT_FIND | GR_AUDIT_INHERIT | GR_AUDIT_SETID | \
2606+ GR_AUDIT_CREATE | GR_AUDIT_DELETE | GR_AUDIT_LINK)
2607+
2608+/* ACL subject-only mode flags */
2609+enum {
2610+ GR_KILL = 0x00000001,
2611+ GR_VIEW = 0x00000002,
2612+ GR_PROTECTED = 0x00000004,
2613+ GR_LEARN = 0x00000008,
2614+ GR_OVERRIDE = 0x00000010,
2615+ /* just a placeholder, this mode is only used in userspace */
2616+ GR_DUMMY = 0x00000020,
2617+ GR_PROTSHM = 0x00000040,
2618+ GR_KILLPROC = 0x00000080,
2619+ GR_KILLIPPROC = 0x00000100,
2620+ /* just a placeholder, this mode is only used in userspace */
2621+ GR_NOTROJAN = 0x00000200,
2622+ GR_PROTPROCFD = 0x00000400,
2623+ GR_PROCACCT = 0x00000800,
2624+ GR_RELAXPTRACE = 0x00001000,
2625+ //GR_NESTED = 0x00002000,
2626+ GR_INHERITLEARN = 0x00004000,
2627+ GR_PROCFIND = 0x00008000,
2628+ GR_POVERRIDE = 0x00010000,
2629+ GR_KERNELAUTH = 0x00020000,
2630+ GR_ATSECURE = 0x00040000,
2631+ GR_SHMEXEC = 0x00080000
2632+};
2633+
2634+enum {
2635+ GR_PAX_ENABLE_SEGMEXEC = 0x0001,
2636+ GR_PAX_ENABLE_PAGEEXEC = 0x0002,
2637+ GR_PAX_ENABLE_MPROTECT = 0x0004,
2638+ GR_PAX_ENABLE_RANDMMAP = 0x0008,
2639+ GR_PAX_ENABLE_EMUTRAMP = 0x0010,
2640+ GR_PAX_DISABLE_SEGMEXEC = 0x0100,
2641+ GR_PAX_DISABLE_PAGEEXEC = 0x0200,
2642+ GR_PAX_DISABLE_MPROTECT = 0x0400,
2643+ GR_PAX_DISABLE_RANDMMAP = 0x0800,
2644+ GR_PAX_DISABLE_EMUTRAMP = 0x1000,
2645+};
2646+
2647+enum {
2648+ GR_ID_USER = 0x01,
2649+ GR_ID_GROUP = 0x02,
2650+};
2651+
2652+enum {
2653+ GR_ID_ALLOW = 0x01,
2654+ GR_ID_DENY = 0x02,
2655+};
2656+
2657+#define GR_CRASH_RES 31
2658+#define GR_UIDTABLE_MAX 500
2659+
2660+/* begin resource learning section */
2661+enum {
2662+ GR_RLIM_CPU_BUMP = 60,
2663+ GR_RLIM_FSIZE_BUMP = 50000,
2664+ GR_RLIM_DATA_BUMP = 10000,
2665+ GR_RLIM_STACK_BUMP = 1000,
2666+ GR_RLIM_CORE_BUMP = 10000,
2667+ GR_RLIM_RSS_BUMP = 500000,
2668+ GR_RLIM_NPROC_BUMP = 1,
2669+ GR_RLIM_NOFILE_BUMP = 5,
2670+ GR_RLIM_MEMLOCK_BUMP = 50000,
2671+ GR_RLIM_AS_BUMP = 500000,
2672+ GR_RLIM_LOCKS_BUMP = 2,
2673+ GR_RLIM_SIGPENDING_BUMP = 5,
2674+ GR_RLIM_MSGQUEUE_BUMP = 10000,
2675+ GR_RLIM_NICE_BUMP = 1,
2676+ GR_RLIM_RTPRIO_BUMP = 1,
2677+ GR_RLIM_RTTIME_BUMP = 1000000
2678+};
2679+
2680+#endif
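Review bot: `GR_DELETED = 0x80000000` does not fit in `int`, and before C23 an enumeration constant has to be representable as `int`; compilers accept it as an extension, but the constant's type, and the result of mixing it with the signed flag enums around it, then depends on the compiler. A macro makes the type explicit: `#define GR_DELETED 0x80000000U`. The commented-out `//GR_NESTED = 0x00002000,` in the subject-mode enum should either be removed or replaced by a comment that reserves the bit.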
23588859
AF
2681diff -Naur backports-4.2.6-1.org/include/linux/grinternal.h backports-4.2.6-1/include/linux/grinternal.h
2682--- backports-4.2.6-1.org/include/linux/grinternal.h 1970-01-01 01:00:00.000000000 +0100
2683+++ backports-4.2.6-1/include/linux/grinternal.h 2016-01-27 12:26:26.289959354 +0100
2684@@ -0,0 +1,230 @@
91e56a59
AF
2685+#ifndef __GRINTERNAL_H
2686+#define __GRINTERNAL_H
2687+
2688+#ifdef CONFIG_GRKERNSEC
2689+
2690+#include <linux/fs.h>
2691+#include <linux/mnt_namespace.h>
2692+#include <linux/nsproxy.h>
2693+#include <linux/gracl.h>
2694+#include <linux/grdefs.h>
2695+#include <linux/grmsg.h>
2696+
2697+void gr_add_learn_entry(const char *fmt, ...)
2698+ __attribute__ ((format (printf, 1, 2)));
2699+__u32 gr_search_file(const struct dentry *dentry, const __u32 mode,
2700+ const struct vfsmount *mnt);
2701+__u32 gr_check_create(const struct dentry *new_dentry,
2702+ const struct dentry *parent,
2703+ const struct vfsmount *mnt, const __u32 mode);
2704+int gr_check_protected_task(const struct task_struct *task);
2705+__u32 to_gr_audit(const __u32 reqmode);
2706+int gr_set_acls(const int type);
2707+int gr_acl_is_enabled(void);
2708+char gr_roletype_to_char(void);
2709+
2710+void gr_handle_alertkill(struct task_struct *task);
2711+char *gr_to_filename(const struct dentry *dentry,
2712+ const struct vfsmount *mnt);
2713+char *gr_to_filename1(const struct dentry *dentry,
2714+ const struct vfsmount *mnt);
2715+char *gr_to_filename2(const struct dentry *dentry,
2716+ const struct vfsmount *mnt);
2717+char *gr_to_filename3(const struct dentry *dentry,
2718+ const struct vfsmount *mnt);
2719+
2720+extern int grsec_enable_ptrace_readexec;
2721+extern int grsec_enable_harden_ptrace;
2722+extern int grsec_enable_link;
2723+extern int grsec_enable_fifo;
2724+extern int grsec_enable_execve;
2725+extern int grsec_enable_shm;
2726+extern int grsec_enable_execlog;
2727+extern int grsec_enable_signal;
2728+extern int grsec_enable_audit_ptrace;
2729+extern int grsec_enable_forkfail;
2730+extern int grsec_enable_time;
2731+extern int grsec_enable_rofs;
2732+extern int grsec_deny_new_usb;
2733+extern int grsec_enable_chroot_shmat;
2734+extern int grsec_enable_chroot_mount;
2735+extern int grsec_enable_chroot_double;
2736+extern int grsec_enable_chroot_pivot;
2737+extern int grsec_enable_chroot_chdir;
2738+extern int grsec_enable_chroot_chmod;
2739+extern int grsec_enable_chroot_mknod;
2740+extern int grsec_enable_chroot_fchdir;
2741+extern int grsec_enable_chroot_nice;
2742+extern int grsec_enable_chroot_execlog;
2743+extern int grsec_enable_chroot_caps;
23588859 2744+extern int grsec_enable_chroot_rename;
91e56a59
AF
2745+extern int grsec_enable_chroot_sysctl;
2746+extern int grsec_enable_chroot_unix;
2747+extern int grsec_enable_symlinkown;
2748+extern kgid_t grsec_symlinkown_gid;
2749+extern int grsec_enable_tpe;
2750+extern kgid_t grsec_tpe_gid;
2751+extern int grsec_enable_tpe_all;
2752+extern int grsec_enable_tpe_invert;
2753+extern int grsec_enable_socket_all;
2754+extern kgid_t grsec_socket_all_gid;
2755+extern int grsec_enable_socket_client;
2756+extern kgid_t grsec_socket_client_gid;
2757+extern int grsec_enable_socket_server;
2758+extern kgid_t grsec_socket_server_gid;
2759+extern kgid_t grsec_audit_gid;
2760+extern int grsec_enable_group;
2761+extern int grsec_enable_log_rwxmaps;
2762+extern int grsec_enable_mount;
2763+extern int grsec_enable_chdir;
2764+extern int grsec_resource_logging;
2765+extern int grsec_enable_blackhole;
2766+extern int grsec_lastack_retries;
2767+extern int grsec_enable_brute;
2768+extern int grsec_enable_harden_ipc;
2769+extern int grsec_lock;
2770+
2771+extern spinlock_t grsec_alert_lock;
2772+extern unsigned long grsec_alert_wtime;
2773+extern unsigned long grsec_alert_fyet;
2774+
2775+extern spinlock_t grsec_audit_lock;
2776+
2777+extern rwlock_t grsec_exec_file_lock;
2778+
2779+#define gr_task_fullpath(tsk) ((tsk)->exec_file ? \
2780+ gr_to_filename2((tsk)->exec_file->f_path.dentry, \
2781+ (tsk)->exec_file->f_path.mnt) : "/")
2782+
2783+#define gr_parent_task_fullpath(tsk) ((tsk)->real_parent->exec_file ? \
2784+ gr_to_filename3((tsk)->real_parent->exec_file->f_path.dentry, \
2785+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2786+
2787+#define gr_task_fullpath0(tsk) ((tsk)->exec_file ? \
2788+ gr_to_filename((tsk)->exec_file->f_path.dentry, \
2789+ (tsk)->exec_file->f_path.mnt) : "/")
2790+
2791+#define gr_parent_task_fullpath0(tsk) ((tsk)->real_parent->exec_file ? \
2792+ gr_to_filename1((tsk)->real_parent->exec_file->f_path.dentry, \
2793+ (tsk)->real_parent->exec_file->f_path.mnt) : "/")
2794+
2795+#define proc_is_chrooted(tsk_a) ((tsk_a)->gr_is_chrooted)
2796+
2797+#define have_same_root(tsk_a,tsk_b) ((tsk_a)->gr_chroot_dentry == (tsk_b)->gr_chroot_dentry)
2798+
2799+static inline bool gr_is_same_file(const struct file *file1, const struct file *file2)
2800+{
2801+ if (file1 && file2) {
2802+ const struct inode *inode1 = file1->f_path.dentry->d_inode;
2803+ const struct inode *inode2 = file2->f_path.dentry->d_inode;
2804+ if (inode1->i_ino == inode2->i_ino && inode1->i_sb->s_dev == inode2->i_sb->s_dev)
2805+ return true;
2806+ }
2807+
2808+ return false;
2809+}
2810+
2811+#define GR_CHROOT_CAPS {{ \
2812+ CAP_TO_MASK(CAP_LINUX_IMMUTABLE) | CAP_TO_MASK(CAP_NET_ADMIN) | \
2813+ CAP_TO_MASK(CAP_SYS_MODULE) | CAP_TO_MASK(CAP_SYS_RAWIO) | \
2814+ CAP_TO_MASK(CAP_SYS_PACCT) | CAP_TO_MASK(CAP_SYS_ADMIN) | \
2815+ CAP_TO_MASK(CAP_SYS_BOOT) | CAP_TO_MASK(CAP_SYS_TIME) | \
2816+ CAP_TO_MASK(CAP_NET_RAW) | CAP_TO_MASK(CAP_SYS_TTY_CONFIG) | \
2817+ CAP_TO_MASK(CAP_IPC_OWNER) | CAP_TO_MASK(CAP_SETFCAP), \
2818+ CAP_TO_MASK(CAP_SYSLOG) | CAP_TO_MASK(CAP_MAC_ADMIN) }}
2819+
2820+#define security_learn(normal_msg,args...) \
2821+({ \
2822+ read_lock(&grsec_exec_file_lock); \
2823+ gr_add_learn_entry(normal_msg "\n", ## args); \
2824+ read_unlock(&grsec_exec_file_lock); \
2825+})
2826+
2827+enum {
2828+ GR_DO_AUDIT,
2829+ GR_DONT_AUDIT,
2830+ /* used for non-audit messages that we shouldn't kill the task on */
2831+ GR_DONT_AUDIT_GOOD
2832+};
2833+
2834+enum {
2835+ GR_TTYSNIFF,
2836+ GR_RBAC,
2837+ GR_RBAC_STR,
2838+ GR_STR_RBAC,
2839+ GR_RBAC_MODE2,
2840+ GR_RBAC_MODE3,
2841+ GR_FILENAME,
2842+ GR_SYSCTL_HIDDEN,
2843+ GR_NOARGS,
2844+ GR_ONE_INT,
2845+ GR_ONE_INT_TWO_STR,
2846+ GR_ONE_STR,
2847+ GR_STR_INT,
2848+ GR_TWO_STR_INT,
2849+ GR_TWO_INT,
2850+ GR_TWO_U64,
2851+ GR_THREE_INT,
2852+ GR_FIVE_INT_TWO_STR,
2853+ GR_TWO_STR,
2854+ GR_THREE_STR,
2855+ GR_FOUR_STR,
2856+ GR_STR_FILENAME,
2857+ GR_FILENAME_STR,
2858+ GR_FILENAME_TWO_INT,
2859+ GR_FILENAME_TWO_INT_STR,
2860+ GR_TEXTREL,
2861+ GR_PTRACE,
2862+ GR_RESOURCE,
2863+ GR_CAP,
2864+ GR_SIG,
2865+ GR_SIG2,
2866+ GR_CRASH1,
2867+ GR_CRASH2,
2868+ GR_PSACCT,
2869+ GR_RWXMAP,
2870+ GR_RWXMAPVMA
2871+};
2872+
2873+#define gr_log_hidden_sysctl(audit, msg, str) gr_log_varargs(audit, msg, GR_SYSCTL_HIDDEN, str)
2874+#define gr_log_ttysniff(audit, msg, task) gr_log_varargs(audit, msg, GR_TTYSNIFF, task)
2875+#define gr_log_fs_rbac_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_RBAC, dentry, mnt)
2876+#define gr_log_fs_rbac_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_RBAC_STR, dentry, mnt, str)
2877+#define gr_log_fs_str_rbac(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_RBAC, str, dentry, mnt)
2878+#define gr_log_fs_rbac_mode2(audit, msg, dentry, mnt, str1, str2) gr_log_varargs(audit, msg, GR_RBAC_MODE2, dentry, mnt, str1, str2)
2879+#define gr_log_fs_rbac_mode3(audit, msg, dentry, mnt, str1, str2, str3) gr_log_varargs(audit, msg, GR_RBAC_MODE3, dentry, mnt, str1, str2, str3)
2880+#define gr_log_fs_generic(audit, msg, dentry, mnt) gr_log_varargs(audit, msg, GR_FILENAME, dentry, mnt)
2881+#define gr_log_noargs(audit, msg) gr_log_varargs(audit, msg, GR_NOARGS)
2882+#define gr_log_int(audit, msg, num) gr_log_varargs(audit, msg, GR_ONE_INT, num)
2883+#define gr_log_int_str2(audit, msg, num, str1, str2) gr_log_varargs(audit, msg, GR_ONE_INT_TWO_STR, num, str1, str2)
2884+#define gr_log_str(audit, msg, str) gr_log_varargs(audit, msg, GR_ONE_STR, str)
2885+#define gr_log_str_int(audit, msg, str, num) gr_log_varargs(audit, msg, GR_STR_INT, str, num)
2886+#define gr_log_int_int(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_INT, num1, num2)
2887+#define gr_log_two_u64(audit, msg, num1, num2) gr_log_varargs(audit, msg, GR_TWO_U64, num1, num2)
2888+#define gr_log_int3(audit, msg, num1, num2, num3) gr_log_varargs(audit, msg, GR_THREE_INT, num1, num2, num3)
2889+#define gr_log_int5_str2(audit, msg, num1, num2, str1, str2) gr_log_varargs(audit, msg, GR_FIVE_INT_TWO_STR, num1, num2, str1, str2)
2890+#define gr_log_str_str(audit, msg, str1, str2) gr_log_varargs(audit, msg, GR_TWO_STR, str1, str2)
2891+#define gr_log_str2_int(audit, msg, str1, str2, num) gr_log_varargs(audit, msg, GR_TWO_STR_INT, str1, str2, num)
2892+#define gr_log_str3(audit, msg, str1, str2, str3) gr_log_varargs(audit, msg, GR_THREE_STR, str1, str2, str3)
2893+#define gr_log_str4(audit, msg, str1, str2, str3, str4) gr_log_varargs(audit, msg, GR_FOUR_STR, str1, str2, str3, str4)
2894+#define gr_log_str_fs(audit, msg, str, dentry, mnt) gr_log_varargs(audit, msg, GR_STR_FILENAME, str, dentry, mnt)
2895+#define gr_log_fs_str(audit, msg, dentry, mnt, str) gr_log_varargs(audit, msg, GR_FILENAME_STR, dentry, mnt, str)
2896+#define gr_log_fs_int2(audit, msg, dentry, mnt, num1, num2) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT, dentry, mnt, num1, num2)
2897+#define gr_log_fs_int2_str(audit, msg, dentry, mnt, num1, num2, str) gr_log_varargs(audit, msg, GR_FILENAME_TWO_INT_STR, dentry, mnt, num1, num2, str)
23588859 2898+#define gr_log_textrel_ulong_ulong(audit, msg, str, file, ulong1, ulong2) gr_log_varargs(audit, msg, GR_TEXTREL, str, file, ulong1, ulong2)
91e56a59
AF
2899+#define gr_log_ptrace(audit, msg, task) gr_log_varargs(audit, msg, GR_PTRACE, task)
2900+#define gr_log_res_ulong2_str(audit, msg, task, ulong1, str, ulong2) gr_log_varargs(audit, msg, GR_RESOURCE, task, ulong1, str, ulong2)
2901+#define gr_log_cap(audit, msg, task, str) gr_log_varargs(audit, msg, GR_CAP, task, str)
2902+#define gr_log_sig_addr(audit, msg, str, addr) gr_log_varargs(audit, msg, GR_SIG, str, addr)
2903+#define gr_log_sig_task(audit, msg, task, num) gr_log_varargs(audit, msg, GR_SIG2, task, num)
2904+#define gr_log_crash1(audit, msg, task, ulong) gr_log_varargs(audit, msg, GR_CRASH1, task, ulong)
2905+#define gr_log_crash2(audit, msg, task, ulong1) gr_log_varargs(audit, msg, GR_CRASH2, task, ulong1)
2906+#define gr_log_procacct(audit, msg, task, num1, num2, num3, num4, num5, num6, num7, num8, num9) gr_log_varargs(audit, msg, GR_PSACCT, task, num1, num2, num3, num4, num5, num6, num7, num8, num9)
2907+#define gr_log_rwxmap(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAP, str)
2908+#define gr_log_rwxmap_vma(audit, msg, str) gr_log_varargs(audit, msg, GR_RWXMAPVMA, str)
2909+
2910+void gr_log_varargs(int audit, const char *msg, int argtypes, ...);
2911+
2912+#endif
2913+
2914+#endif
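Review bot: The `gr_log_*` wrappers near the end of this header all go through the variadic `gr_log_varargs(int audit, const char *msg, int argtypes, ...)`, so nothing at compile time ties the `argtypes` tag to the arguments passed or to the format string in `msg`. One wrapper already looks inconsistent on its face: `gr_log_int5_str2` is tagged `GR_FIVE_INT_TWO_STR` but forwards only `num1, num2, str1, str2`. The implementation is not part of this hunk, so whether its `va_arg` reads match needs confirming. I would document the contract above the tag enum, for example `/* each tag fixes the exact type and order of the variadic arguments read by gr_log_varargs(); keep wrapper, tag and GR_*_MSG format in sync */`, and rename the wrapper or the tag once the real arity is confirmed.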
23588859
AF
2915diff -Naur backports-4.2.6-1.org/include/linux/grmsg.h backports-4.2.6-1/include/linux/grmsg.h
2916--- backports-4.2.6-1.org/include/linux/grmsg.h 1970-01-01 01:00:00.000000000 +0100
2917+++ backports-4.2.6-1/include/linux/grmsg.h 2016-01-27 12:26:26.289959354 +0100
2918@@ -0,0 +1,118 @@
91e56a59
AF
2919+#define DEFAULTSECMSG "%.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u, parent %.256s[%.16s:%d] uid/euid:%u/%u gid/egid:%u/%u"
2920+#define GR_ACL_PROCACCT_MSG "%.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u run time:[%ud %uh %um %us] cpu time:[%ud %uh %um %us] %s with exit code %ld, parent %.256s[%.16s:%d] IP:%pI4 TTY:%.64s uid/euid:%u/%u gid/egid:%u/%u"
2921+#define GR_PTRACE_ACL_MSG "denied ptrace of %.950s(%.16s:%d) by "
2922+#define GR_STOPMOD_MSG "denied modification of module state by "
2923+#define GR_ROFS_BLOCKWRITE_MSG "denied write to block device %.950s by "
2924+#define GR_ROFS_MOUNT_MSG "denied writable mount of %.950s by "
2925+#define GR_IOPERM_MSG "denied use of ioperm() by "
2926+#define GR_IOPL_MSG "denied use of iopl() by "
2927+#define GR_SHMAT_ACL_MSG "denied attach of shared memory of UID %u, PID %d, ID %u by "
2928+#define GR_UNIX_CHROOT_MSG "denied connect() to abstract AF_UNIX socket outside of chroot by "
2929+#define GR_SHMAT_CHROOT_MSG "denied attach of shared memory outside of chroot by "
2930+#define GR_MEM_READWRITE_MSG "denied access of range %Lx -> %Lx in /dev/mem by "
2931+#define GR_SYMLINK_MSG "not following symlink %.950s owned by %d.%d by "
2932+#define GR_LEARN_AUDIT_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%lu\t%lu\t%.4095s\t%lu\t%pI4"
2933+#define GR_ID_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%c\t%d\t%d\t%d\t%pI4"
2934+#define GR_HIDDEN_ACL_MSG "%s access to hidden file %.950s by "
2935+#define GR_OPEN_ACL_MSG "%s open of %.950s for%s%s by "
2936+#define GR_CREATE_ACL_MSG "%s create of %.950s for%s%s by "
2937+#define GR_FIFO_MSG "denied writing FIFO %.950s of %d.%d by "
2938+#define GR_MKNOD_CHROOT_MSG "denied mknod of %.950s from chroot by "
2939+#define GR_MKNOD_ACL_MSG "%s mknod of %.950s by "
2940+#define GR_UNIXCONNECT_ACL_MSG "%s connect() to the unix domain socket %.950s by "
2941+#define GR_TTYSNIFF_ACL_MSG "terminal being sniffed by IP:%pI4 %.480s[%.16s:%d], parent %.480s[%.16s:%d] against "
2942+#define GR_MKDIR_ACL_MSG "%s mkdir of %.950s by "
2943+#define GR_RMDIR_ACL_MSG "%s rmdir of %.950s by "
2944+#define GR_UNLINK_ACL_MSG "%s unlink of %.950s by "
2945+#define GR_SYMLINK_ACL_MSG "%s symlink from %.480s to %.480s by "
2946+#define GR_HARDLINK_MSG "denied hardlink of %.930s (owned by %d.%d) to %.30s for "
2947+#define GR_LINK_ACL_MSG "%s link of %.480s to %.480s by "
2948+#define GR_INHERIT_ACL_MSG "successful inherit of %.480s's ACL for %.480s by "
2949+#define GR_RENAME_ACL_MSG "%s rename of %.480s to %.480s by "
2950+#define GR_UNSAFESHARE_EXEC_ACL_MSG "denied exec with cloned fs of %.950s by "
2951+#define GR_PTRACE_EXEC_ACL_MSG "denied ptrace of %.950s by "
2952+#define GR_EXEC_ACL_MSG "%s execution of %.950s by "
2953+#define GR_EXEC_TPE_MSG "denied untrusted exec (due to %.70s) of %.950s by "
2954+#define GR_SEGVSTART_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning uid %u from login for %lu seconds"
2955+#define GR_SEGVNOSUID_ACL_MSG "possible exploit bruteforcing on " DEFAULTSECMSG " banning execution for %lu seconds"
2956+#define GR_MOUNT_CHROOT_MSG "denied mount of %.256s as %.930s from chroot by "
2957+#define GR_PIVOT_CHROOT_MSG "denied pivot_root from chroot by "
2958+#define GR_TRUNCATE_ACL_MSG "%s truncate of %.950s by "
2959+#define GR_ATIME_ACL_MSG "%s access time change of %.950s by "
2960+#define GR_ACCESS_ACL_MSG "%s access of %.950s for%s%s%s by "
2961+#define GR_CHROOT_CHROOT_MSG "denied double chroot to %.950s by "
23588859 2962+#define GR_CHROOT_RENAME_MSG "denied bad rename of %.950s out of a chroot by "
91e56a59
AF
2963+#define GR_CHMOD_CHROOT_MSG "denied chmod +s of %.950s by "
2964+#define GR_CHMOD_ACL_MSG "%s chmod of %.950s by "
2965+#define GR_CHROOT_FCHDIR_MSG "denied fchdir outside of chroot to %.950s by "
2966+#define GR_CHROOT_FHANDLE_MSG "denied use of file handles inside chroot by "
2967+#define GR_CHOWN_ACL_MSG "%s chown of %.950s by "
2968+#define GR_SETXATTR_ACL_MSG "%s setting extended attribute of %.950s by "
2969+#define GR_REMOVEXATTR_ACL_MSG "%s removing extended attribute of %.950s by "
2970+#define GR_WRITLIB_ACL_MSG "denied load of writable library %.950s by "
2971+#define GR_INITF_ACL_MSG "init_variables() failed %s by "
2972+#define GR_DISABLED_ACL_MSG "Error loading %s, trying to run kernel with acls disabled. To disable acls at startup use <kernel image name> gracl=off from your boot loader"
2973+#define GR_DEV_ACL_MSG "/dev/grsec: %d bytes sent %d required, being fed garbage by "
2974+#define GR_SHUTS_ACL_MSG "shutdown auth success for "
2975+#define GR_SHUTF_ACL_MSG "shutdown auth failure for "
2976+#define GR_SHUTI_ACL_MSG "ignoring shutdown for disabled RBAC system for "
2977+#define GR_SEGVMODS_ACL_MSG "segvmod auth success for "
2978+#define GR_SEGVMODF_ACL_MSG "segvmod auth failure for "
2979+#define GR_SEGVMODI_ACL_MSG "ignoring segvmod for disabled RBAC system for "
2980+#define GR_ENABLE_ACL_MSG "%s RBAC system loaded by "
2981+#define GR_ENABLEF_ACL_MSG "unable to load %s for "
2982+#define GR_RELOADI_ACL_MSG "ignoring reload request for disabled RBAC system"
2983+#define GR_RELOAD_ACL_MSG "%s RBAC system reloaded by "
2984+#define GR_RELOADF_ACL_MSG "failed reload of %s for "
2985+#define GR_SPROLEI_ACL_MSG "ignoring change to special role for disabled RBAC system for "
2986+#define GR_SPROLES_ACL_MSG "successful change to special role %s (id %d) by "
2987+#define GR_SPROLEL_ACL_MSG "special role %s (id %d) exited by "
2988+#define GR_SPROLEF_ACL_MSG "special role %s failure for "
2989+#define GR_UNSPROLEI_ACL_MSG "ignoring unauth of special role for disabled RBAC system for "
2990+#define GR_UNSPROLES_ACL_MSG "successful unauth of special role %s (id %d) by "
2991+#define GR_INVMODE_ACL_MSG "invalid mode %d by "
2992+#define GR_PRIORITY_CHROOT_MSG "denied priority change of process (%.16s:%d) by "
2993+#define GR_FAILFORK_MSG "failed fork with errno %s by "
2994+#define GR_NICE_CHROOT_MSG "denied priority change by "
2995+#define GR_UNISIGLOG_MSG "%.32s occurred at %p in "
2996+#define GR_DUALSIGLOG_MSG "signal %d sent to " DEFAULTSECMSG " by "
2997+#define GR_SIG_ACL_MSG "denied send of signal %d to protected task " DEFAULTSECMSG " by "
2998+#define GR_SYSCTL_MSG "denied modification of grsecurity sysctl value : %.32s by "
2999+#define GR_SYSCTL_ACL_MSG "%s sysctl of %.950s for%s%s by "
3000+#define GR_TIME_MSG "time set by "
3001+#define GR_DEFACL_MSG "fatal: unable to find subject for (%.16s:%d), loaded by "
3002+#define GR_MMAP_ACL_MSG "%s executable mmap of %.950s by "
3003+#define GR_MPROTECT_ACL_MSG "%s executable mprotect of %.950s by "
3004+#define GR_SOCK_MSG "denied socket(%.16s,%.16s,%.16s) by "
3005+#define GR_SOCK_NOINET_MSG "denied socket(%.16s,%.16s,%d) by "
3006+#define GR_BIND_MSG "denied bind() by "
3007+#define GR_CONNECT_MSG "denied connect() by "
3008+#define GR_BIND_ACL_MSG "denied bind() to %pI4 port %u sock type %.16s protocol %.16s by "
3009+#define GR_CONNECT_ACL_MSG "denied connect() to %pI4 port %u sock type %.16s protocol %.16s by "
3010+#define GR_IP_LEARN_MSG "%s\t%u\t%u\t%u\t%.4095s\t%.4095s\t%pI4\t%u\t%u\t%u\t%u\t%pI4"
3011+#define GR_EXEC_CHROOT_MSG "exec of %.980s within chroot by process "
3012+#define GR_CAP_ACL_MSG "use of %s denied for "
3013+#define GR_CAP_CHROOT_MSG "use of %s in chroot denied for "
3014+#define GR_CAP_ACL_MSG2 "use of %s permitted for "
3015+#define GR_USRCHANGE_ACL_MSG "change to uid %u denied for "
3016+#define GR_GRPCHANGE_ACL_MSG "change to gid %u denied for "
3017+#define GR_REMOUNT_AUDIT_MSG "remount of %.256s by "
3018+#define GR_UNMOUNT_AUDIT_MSG "unmount of %.256s by "
3019+#define GR_MOUNT_AUDIT_MSG "mount of %.256s to %.256s by "
3020+#define GR_CHDIR_AUDIT_MSG "chdir to %.980s by "
3021+#define GR_EXEC_AUDIT_MSG "exec of %.930s (%.128s) by "
3022+#define GR_RESOURCE_MSG "denied resource overstep by requesting %lu for %.16s against limit %lu for "
3023+#define GR_RWXMMAP_MSG "denied RWX mmap of %.950s by "
3024+#define GR_RWXMPROTECT_MSG "denied RWX mprotect of %.950s by "
23588859 3025+#define GR_TEXTREL_AUDIT_MSG "allowed %s text relocation transition in %.950s, VMA:0x%08lx 0x%08lx by "
91e56a59
AF
3026+#define GR_PTGNUSTACK_MSG "denied marking stack executable as requested by PT_GNU_STACK marking in %.950s by "
3027+#define GR_VM86_MSG "denied use of vm86 by "
3028+#define GR_PTRACE_AUDIT_MSG "process %.950s(%.16s:%d) attached to via ptrace by "
3029+#define GR_PTRACE_READEXEC_MSG "denied ptrace of unreadable binary %.950s by "
3030+#define GR_INIT_TRANSFER_MSG "persistent special role transferred privilege to init by "
3031+#define GR_BADPROCPID_MSG "denied read of sensitive /proc/pid/%s entry via fd passed across exec by "
3032+#define GR_SYMLINKOWNER_MSG "denied following symlink %.950s since symlink owner %u does not match target owner %u, by "
3033+#define GR_BRUTE_DAEMON_MSG "bruteforce prevention initiated for the next 30 minutes or until service restarted, stalling each fork 30 seconds. Please investigate the crash report for "
3034+#define GR_BRUTE_SUID_MSG "bruteforce prevention initiated due to crash of %.950s against uid %u, banning suid/sgid execs for %u minutes. Please investigate the crash report for "
3035+#define GR_IPC_DENIED_MSG "denied %s of overly-permissive IPC object with creator uid %u by "
3036+#define GR_MSRWRITE_MSG "denied write to CPU MSR by "
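Review bot: `GR_SYMLINK_MSG`, `GR_FIFO_MSG` and `GR_HARDLINK_MSG` print the owner as `%d.%d`, while the other messages in this file that carry a uid or gid (`DEFAULTSECMSG`, `GR_SYMLINKOWNER_MSG`, `GR_USRCHANGE_ACL_MSG`) use `%u`. If the values passed are unsigned ids, as the rest of the file suggests, ids above INT_MAX would be logged as negative numbers, which makes the audit trail harder to match against account data. Using `"not following symlink %.950s owned by %u.%u by "`, with the same change in the other two, would make the file consistent. The call sites are outside this hunk, so the argument types need checking before the specifiers are changed. Separately, this new header has no include guard, unlike grinternal.h, grsecurity.h and grsock.h in the same patch.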
23588859
AF
3037diff -Naur backports-4.2.6-1.org/include/linux/grsecurity.h backports-4.2.6-1/include/linux/grsecurity.h
3038--- backports-4.2.6-1.org/include/linux/grsecurity.h 1970-01-01 01:00:00.000000000 +0100
3039+++ backports-4.2.6-1/include/linux/grsecurity.h 2016-01-27 12:26:26.289959354 +0100
3040@@ -0,0 +1,255 @@
91e56a59
AF
3041+#ifndef GR_SECURITY_H
3042+#define GR_SECURITY_H
3043+#include <linux/fs.h>
3044+#include <linux/fs_struct.h>
3045+#include <linux/binfmts.h>
3046+#include <linux/gracl.h>
3047+
3048+/* notify of brain-dead configs */
23588859
AF
3049+#if defined(CONFIG_DEBUG_FS) && defined(CONFIG_GRKERNSEC_KMEM)
3050+#error "CONFIG_DEBUG_FS being enabled is a security risk when CONFIG_GRKERNSEC_KMEM is enabled"
3051+#endif
3052+#if defined(CONFIG_PROC_PAGE_MONITOR) && defined(CONFIG_GRKERNSEC)
3053+#error "CONFIG_PROC_PAGE_MONITOR is a security risk"
3054+#endif
91e56a59
AF
3055+#if defined(CONFIG_GRKERNSEC_PROC_USER) && defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3056+#error "CONFIG_GRKERNSEC_PROC_USER and CONFIG_GRKERNSEC_PROC_USERGROUP cannot both be enabled."
3057+#endif
3058+#if defined(CONFIG_GRKERNSEC_PROC) && !defined(CONFIG_GRKERNSEC_PROC_USER) && !defined(CONFIG_GRKERNSEC_PROC_USERGROUP)
3059+#error "CONFIG_GRKERNSEC_PROC enabled, but neither CONFIG_GRKERNSEC_PROC_USER nor CONFIG_GRKERNSEC_PROC_USERGROUP enabled"
3060+#endif
3061+#if defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_PAGEEXEC) && !defined(CONFIG_PAX_SEGMEXEC) && !defined(CONFIG_PAX_KERNEXEC)
3062+#error "CONFIG_PAX_NOEXEC enabled, but PAGEEXEC, SEGMEXEC, and KERNEXEC are disabled."
3063+#endif
3064+#if defined(CONFIG_PAX_ASLR) && !defined(CONFIG_PAX_RANDKSTACK) && !defined(CONFIG_PAX_RANDUSTACK) && !defined(CONFIG_PAX_RANDMMAP)
3065+#error "CONFIG_PAX_ASLR enabled, but RANDKSTACK, RANDUSTACK, and RANDMMAP are disabled."
3066+#endif
3067+#if defined(CONFIG_PAX) && !defined(CONFIG_PAX_NOEXEC) && !defined(CONFIG_PAX_ASLR)
3068+#error "CONFIG_PAX enabled, but no PaX options are enabled."
3069+#endif
3070+
3071+int gr_handle_new_usb(void);
3072+
3073+void gr_handle_brute_attach(int dumpable);
3074+void gr_handle_brute_check(void);
3075+void gr_handle_kernel_exploit(void);
3076+
3077+char gr_roletype_to_char(void);
3078+
3079+int gr_proc_is_restricted(void);
3080+
3081+int gr_acl_enable_at_secure(void);
3082+
3083+int gr_check_user_change(kuid_t real, kuid_t effective, kuid_t fs);
3084+int gr_check_group_change(kgid_t real, kgid_t effective, kgid_t fs);
3085+
3086+int gr_learn_cap(const struct task_struct *task, const struct cred *cred, const int cap);
3087+
3088+void gr_del_task_from_ip_table(struct task_struct *p);
3089+
3090+int gr_pid_is_chrooted(struct task_struct *p);
3091+int gr_handle_chroot_fowner(struct pid *pid, enum pid_type type);
3092+int gr_handle_chroot_nice(void);
3093+int gr_handle_chroot_sysctl(const int op);
3094+int gr_handle_chroot_setpriority(struct task_struct *p,
3095+ const int niceval);
3096+int gr_chroot_fchdir(struct dentry *u_dentry, struct vfsmount *u_mnt);
3097+int gr_chroot_fhandle(void);
3098+int gr_handle_chroot_chroot(const struct dentry *dentry,
3099+ const struct vfsmount *mnt);
3100+void gr_handle_chroot_chdir(const struct path *path);
3101+int gr_handle_chroot_chmod(const struct dentry *dentry,
3102+ const struct vfsmount *mnt, const int mode);
3103+int gr_handle_chroot_mknod(const struct dentry *dentry,
3104+ const struct vfsmount *mnt, const int mode);
3105+int gr_handle_chroot_mount(const struct dentry *dentry,
3106+ const struct vfsmount *mnt,
3107+ const char *dev_name);
3108+int gr_handle_chroot_pivot(void);
3109+int gr_handle_chroot_unix(const pid_t pid);
3110+
3111+int gr_handle_rawio(const struct inode *inode);
3112+
3113+void gr_handle_ioperm(void);
3114+void gr_handle_iopl(void);
3115+void gr_handle_msr_write(void);
3116+
3117+umode_t gr_acl_umask(void);
3118+
3119+int gr_tpe_allow(const struct file *file);
3120+
3121+void gr_set_chroot_entries(struct task_struct *task, const struct path *path);
3122+void gr_clear_chroot_entries(struct task_struct *task);
3123+
3124+void gr_log_forkfail(const int retval);
3125+void gr_log_timechange(void);
3126+void gr_log_signal(const int sig, const void *addr, const struct task_struct *t);
3127+void gr_log_chdir(const struct dentry *dentry,
3128+ const struct vfsmount *mnt);
3129+void gr_log_chroot_exec(const struct dentry *dentry,
3130+ const struct vfsmount *mnt);
3131+void gr_log_remount(const char *devname, const int retval);
3132+void gr_log_unmount(const char *devname, const int retval);
23588859
AF
3133+void gr_log_mount(const char *from, struct path *to, const int retval);
3134+void gr_log_textrel(struct vm_area_struct *vma, bool is_textrel_rw);
91e56a59
AF
3135+void gr_log_ptgnustack(struct file *file);
3136+void gr_log_rwxmmap(struct file *file);
3137+void gr_log_rwxmprotect(struct vm_area_struct *vma);
3138+
23588859 3139+int gr_handle_follow_link(const struct dentry *dentry,
91e56a59
AF
3140+ const struct vfsmount *mnt);
3141+int gr_handle_fifo(const struct dentry *dentry,
3142+ const struct vfsmount *mnt,
3143+ const struct dentry *dir, const int flag,
3144+ const int acc_mode);
3145+int gr_handle_hardlink(const struct dentry *dentry,
3146+ const struct vfsmount *mnt,
23588859 3147+ const struct filename *to);
91e56a59
AF
3148+
3149+int gr_is_capable(const int cap);
3150+int gr_is_capable_nolog(const int cap);
3151+int gr_task_is_capable(const struct task_struct *task, const struct cred *cred, const int cap);
3152+int gr_task_is_capable_nolog(const struct task_struct *task, const int cap);
3153+
3154+void gr_copy_label(struct task_struct *tsk);
3155+void gr_handle_crash(struct task_struct *task, const int sig);
3156+int gr_handle_signal(const struct task_struct *p, const int sig);
3157+int gr_check_crash_uid(const kuid_t uid);
3158+int gr_check_protected_task(const struct task_struct *task);
3159+int gr_check_protected_task_fowner(struct pid *pid, enum pid_type type);
3160+int gr_acl_handle_mmap(const struct file *file,
3161+ const unsigned long prot);
3162+int gr_acl_handle_mprotect(const struct file *file,
3163+ const unsigned long prot);
3164+int gr_check_hidden_task(const struct task_struct *tsk);
3165+__u32 gr_acl_handle_truncate(const struct dentry *dentry,
3166+ const struct vfsmount *mnt);
3167+__u32 gr_acl_handle_utime(const struct dentry *dentry,
3168+ const struct vfsmount *mnt);
3169+__u32 gr_acl_handle_access(const struct dentry *dentry,
3170+ const struct vfsmount *mnt, const int fmode);
3171+__u32 gr_acl_handle_chmod(const struct dentry *dentry,
3172+ const struct vfsmount *mnt, umode_t *mode);
3173+__u32 gr_acl_handle_chown(const struct dentry *dentry,
3174+ const struct vfsmount *mnt);
3175+__u32 gr_acl_handle_setxattr(const struct dentry *dentry,
3176+ const struct vfsmount *mnt);
3177+__u32 gr_acl_handle_removexattr(const struct dentry *dentry,
3178+ const struct vfsmount *mnt);
3179+int gr_handle_ptrace(struct task_struct *task, const long request);
3180+int gr_handle_proc_ptrace(struct task_struct *task);
3181+__u32 gr_acl_handle_execve(const struct dentry *dentry,
3182+ const struct vfsmount *mnt);
3183+int gr_check_crash_exec(const struct file *filp);
3184+int gr_acl_is_enabled(void);
3185+void gr_set_role_label(struct task_struct *task, const kuid_t uid,
3186+ const kgid_t gid);
3187+int gr_set_proc_label(const struct dentry *dentry,
3188+ const struct vfsmount *mnt,
3189+ const int unsafe_flags);
3190+__u32 gr_acl_handle_hidden_file(const struct dentry *dentry,
3191+ const struct vfsmount *mnt);
3192+__u32 gr_acl_handle_open(const struct dentry *dentry,
3193+ const struct vfsmount *mnt, int acc_mode);
3194+__u32 gr_acl_handle_creat(const struct dentry *dentry,
3195+ const struct dentry *p_dentry,
3196+ const struct vfsmount *p_mnt,
3197+ int open_flags, int acc_mode, const int imode);
3198+void gr_handle_create(const struct dentry *dentry,
3199+ const struct vfsmount *mnt);
3200+void gr_handle_proc_create(const struct dentry *dentry,
3201+ const struct inode *inode);
3202+__u32 gr_acl_handle_mknod(const struct dentry *new_dentry,
3203+ const struct dentry *parent_dentry,
3204+ const struct vfsmount *parent_mnt,
3205+ const int mode);
3206+__u32 gr_acl_handle_mkdir(const struct dentry *new_dentry,
3207+ const struct dentry *parent_dentry,
3208+ const struct vfsmount *parent_mnt);
3209+__u32 gr_acl_handle_rmdir(const struct dentry *dentry,
3210+ const struct vfsmount *mnt);
23588859 3211+void gr_handle_delete(const u64 ino, const dev_t dev);
91e56a59
AF
3212+__u32 gr_acl_handle_unlink(const struct dentry *dentry,
3213+ const struct vfsmount *mnt);
3214+__u32 gr_acl_handle_symlink(const struct dentry *new_dentry,
3215+ const struct dentry *parent_dentry,
3216+ const struct vfsmount *parent_mnt,
3217+ const struct filename *from);
3218+__u32 gr_acl_handle_link(const struct dentry *new_dentry,
3219+ const struct dentry *parent_dentry,
3220+ const struct vfsmount *parent_mnt,
3221+ const struct dentry *old_dentry,
3222+ const struct vfsmount *old_mnt, const struct filename *to);
3223+int gr_handle_symlink_owner(const struct path *link, const struct inode *target);
3224+int gr_acl_handle_rename(struct dentry *new_dentry,
3225+ struct dentry *parent_dentry,
3226+ const struct vfsmount *parent_mnt,
3227+ struct dentry *old_dentry,
3228+ struct inode *old_parent_inode,
3229+ struct vfsmount *old_mnt, const struct filename *newname, unsigned int flags);
3230+void gr_handle_rename(struct inode *old_dir, struct inode *new_dir,
3231+ struct dentry *old_dentry,
3232+ struct dentry *new_dentry,
3233+ struct vfsmount *mnt, const __u8 replace, unsigned int flags);
3234+__u32 gr_check_link(const struct dentry *new_dentry,
3235+ const struct dentry *parent_dentry,
3236+ const struct vfsmount *parent_mnt,
3237+ const struct dentry *old_dentry,
3238+ const struct vfsmount *old_mnt);
3239+int gr_acl_handle_filldir(const struct file *file, const char *name,
23588859 3240+ const unsigned int namelen, const u64 ino);
91e56a59
AF
3241+
3242+__u32 gr_acl_handle_unix(const struct dentry *dentry,
3243+ const struct vfsmount *mnt);
3244+void gr_acl_handle_exit(void);
3245+void gr_acl_handle_psacct(struct task_struct *task, const long code);
3246+int gr_acl_handle_procpidmem(const struct task_struct *task);
3247+int gr_handle_rofs_mount(struct dentry *dentry, struct vfsmount *mnt, int mnt_flags);
3248+int gr_handle_rofs_blockwrite(struct dentry *dentry, struct vfsmount *mnt, int acc_mode);
3249+void gr_audit_ptrace(struct task_struct *task);
3250+dev_t gr_get_dev_from_dentry(struct dentry *dentry);
23588859 3251+u64 gr_get_ino_from_dentry(struct dentry *dentry);
91e56a59
AF
3252+void gr_put_exec_file(struct task_struct *task);
3253+
23588859
AF
3254+int gr_get_symlinkown_enabled(void);
3255+
91e56a59
AF
3256+int gr_ptrace_readexec(struct file *file, int unsafe_flags);
3257+
23588859
AF
3258+void gr_inc_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
3259+void gr_dec_chroot_refcnts(struct dentry *dentry, struct vfsmount *mnt);
3260+int gr_bad_chroot_rename(struct dentry *olddentry, struct vfsmount *oldmnt,
3261+ struct dentry *newdentry, struct vfsmount *newmnt);
91e56a59
AF
3262+
3263+#ifdef CONFIG_GRKERNSEC_RESLOG
3264+extern void gr_log_resource(const struct task_struct *task, const int res,
3265+ const unsigned long wanted, const int gt);
3266+#else
3267+static inline void gr_log_resource(const struct task_struct *task, const int res,
3268+ const unsigned long wanted, const int gt)
3269+{
3270+}
3271+#endif
3272+
3273+#ifdef CONFIG_GRKERNSEC
3274+void task_grsec_rbac(struct seq_file *m, struct task_struct *p);
3275+void gr_handle_vm86(void);
3276+void gr_handle_mem_readwrite(u64 from, u64 to);
3277+
3278+void gr_log_badprocpid(const char *entry);
3279+
3280+extern int grsec_enable_dmesg;
3281+extern int grsec_disable_privio;
3282+
3283+#ifdef CONFIG_GRKERNSEC_PROC_USERGROUP
3284+extern kgid_t grsec_proc_gid;
3285+#endif
3286+
3287+#ifdef CONFIG_GRKERNSEC_CHROOT_FINDTASK
3288+extern int grsec_enable_chroot_findtask;
3289+#endif
3290+#ifdef CONFIG_GRKERNSEC_SETXID
3291+extern int grsec_enable_setxid;
3292+#endif
3293+#endif
3294+
3295+#endif
3296diff -Naur backports-4.2.6-1.org/include/linux/grsock.h backports-4.2.6-1/include/linux/grsock.h
3297--- backports-4.2.6-1.org/include/linux/grsock.h 1970-01-01 01:00:00.000000000 +0100
3298+++ backports-4.2.6-1/include/linux/grsock.h 2016-01-27 12:26:26.289959354 +0100
3299@@ -0,0 +1,19 @@
3300+#ifndef __GRSOCK_H
3301+#define __GRSOCK_H
3302+
3303+extern void gr_attach_curr_ip(const struct sock *sk);
3304+extern int gr_handle_sock_all(const int family, const int type,
3305+ const int protocol);
3306+extern int gr_handle_sock_server(const struct sockaddr *sck);
3307+extern int gr_handle_sock_server_other(const struct sock *sck);
3308+extern int gr_handle_sock_client(const struct sockaddr *sck);
3309+extern int gr_search_connect(struct socket * sock,
3310+ struct sockaddr_in * addr);
3311+extern int gr_search_bind(struct socket * sock,
3312+ struct sockaddr_in * addr);
3313+extern int gr_search_listen(struct socket * sock);
3314+extern int gr_search_accept(struct socket * sock);
3315+extern int gr_search_socket(const int domain, const int type,
3316+ const int protocol);
3317+
3318+#endif
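Review bot: The prototypes name `struct sock`, `struct socket`, `struct sockaddr` and `struct sockaddr_in`, but the header neither includes nor forward-declares them, so it only compiles cleanly when the including file has already pulled in the socket headers. Forward declarations after the guard, `struct sock; struct socket; struct sockaddr; struct sockaddr_in;`, would make it self-contained. The guard name `__GRSOCK_H` also uses a double-underscore identifier, which is reserved for the implementation, although kernel headers commonly do this.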
3319diff -Naur backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h backports-4.2.6-1/include/linux/netfilter/xt_gradm.h
3320--- backports-4.2.6-1.org/include/linux/netfilter/xt_gradm.h 1970-01-01 01:00:00.000000000 +0100
3321+++ backports-4.2.6-1/include/linux/netfilter/xt_gradm.h 2016-01-27 12:26:31.209959056 +0100
3322@@ -0,0 +1,9 @@
3323+#ifndef _LINUX_NETFILTER_XT_GRADM_H
3324+#define _LINUX_NETFILTER_XT_GRADM_H 1
3325+
3326+struct xt_gradm_mtinfo {
3327+ __u16 flags;
3328+ __u16 invflags;
3329+};
3330+
3331+#endif
3332diff -Naur backports-4.2.6-1.org/include/linux/unaligned/access_ok.h backports-4.2.6-1/include/linux/unaligned/access_ok.h
3333--- backports-4.2.6-1.org/include/linux/unaligned/access_ok.h 2015-11-15 22:19:38.000000000 +0100
3334+++ backports-4.2.6-1/include/linux/unaligned/access_ok.h 2016-01-27 12:26:31.219959057 +0100
3335@@ -4,34 +4,34 @@
3336 #include <linux/kernel.h>
3337 #include <asm/byteorder.h>
3338
3339-static inline u16 get_unaligned_le16(const void *p)
3340+static inline u16 __intentional_overflow(-1) get_unaligned_le16(const void *p)
3341 {
3342- return le16_to_cpup((__le16 *)p);
3343+ return le16_to_cpup((const __le16 *)p);
3344 }
3345
3346-static inline u32 get_unaligned_le32(const void *p)
3347+static inline u32 __intentional_overflow(-1) get_unaligned_le32(const void *p)
3348 {
3349- return le32_to_cpup((__le32 *)p);
3350+ return le32_to_cpup((const __le32 *)p);
3351 }
3352
3353-static inline u64 get_unaligned_le64(const void *p)
3354+static inline u64 __intentional_overflow(-1) get_unaligned_le64(const void *p)
3355 {
3356- return le64_to_cpup((__le64 *)p);
3357+ return le64_to_cpup((const __le64 *)p);
3358 }
3359
3360-static inline u16 get_unaligned_be16(const void *p)
3361+static inline u16 __intentional_overflow(-1) get_unaligned_be16(const void *p)
3362 {
3363- return be16_to_cpup((__be16 *)p);
3364+ return be16_to_cpup((const __be16 *)p);
3365 }
3366
3367-static inline u32 get_unaligned_be32(const void *p)
3368+static inline u32 __intentional_overflow(-1) get_unaligned_be32(const void *p)
3369 {
3370- return be32_to_cpup((__be32 *)p);
3371+ return be32_to_cpup((const __be32 *)p);
3372 }
3373
3374-static inline u64 get_unaligned_be64(const void *p)
3375+static inline u64 __intentional_overflow(-1) get_unaligned_be64(const void *p)
3376 {
3377- return be64_to_cpup((__be64 *)p);
3378+ return be64_to_cpup((const __be64 *)p);
3379 }
3380
3381 static inline void put_unaligned_le16(u16 val, void *p)
3382diff -Naur backports-4.2.6-1.org/include/media/v4l2-dev.h backports-4.2.6-1/include/media/v4l2-dev.h
3383--- backports-4.2.6-1.org/include/media/v4l2-dev.h 2015-11-15 22:19:38.000000000 +0100
3384+++ backports-4.2.6-1/include/media/v4l2-dev.h 2016-01-27 12:26:31.219959057 +0100
3385@@ -74,7 +74,7 @@
3386 int (*mmap) (struct file *, struct vm_area_struct *);
3387 int (*open) (struct file *);
3388 int (*release) (struct file *);
3389-};
3390+} __do_const;
3391
3392 /*
3393 * Newer version of video_device, handled by videodev2.c
3394diff -Naur backports-4.2.6-1.org/include/media/v4l2-device.h backports-4.2.6-1/include/media/v4l2-device.h
3395--- backports-4.2.6-1.org/include/media/v4l2-device.h 2015-11-15 22:19:38.000000000 +0100
3396+++ backports-4.2.6-1/include/media/v4l2-device.h 2016-01-27 12:26:31.219959057 +0100
3397@@ -93,7 +93,7 @@
3398 this function returns 0. If the name ends with a digit (e.g. cx18),
3399 then the name will be set to cx18-0 since cx180 looks really odd. */
3400 int v4l2_device_set_name(struct v4l2_device *v4l2_dev, const char *basename,
3401- atomic_t *instance);
3402+ atomic_unchecked_t *instance);
3403
3404 /* Set v4l2_dev->dev to NULL. Call when the USB parent disconnects.
3405 Since the parent disappears this ensures that v4l2_dev doesn't have an
3406diff -Naur backports-4.2.6-1.org/include/net/bluetooth/l2cap.h backports-4.2.6-1/include/net/bluetooth/l2cap.h
3407--- backports-4.2.6-1.org/include/net/bluetooth/l2cap.h 2015-11-15 22:19:38.000000000 +0100
3408+++ backports-4.2.6-1/include/net/bluetooth/l2cap.h 2016-01-27 12:31:52.866600109 +0100
3409@@ -615,7 +615,7 @@
3410 struct iovec *iov,
3411 int len);
23588859 3412 #endif
3413-};
3414+} __do_const;
3415
3416 struct l2cap_conn {
3417 struct hci_conn *hcon;
3418diff -Naur backports-4.2.6-1.org/include/net/mac80211.h backports-4.2.6-1/include/net/mac80211.h
3419--- backports-4.2.6-1.org/include/net/mac80211.h 2015-11-15 22:19:38.000000000 +0100
3420+++ backports-4.2.6-1/include/net/mac80211.h 2016-01-27 12:26:31.223292389 +0100
3421@@ -5106,7 +5106,7 @@
3422 struct sk_buff *skb;
3423 struct ieee80211_tx_rate reported_rate;
3424 bool rts, short_preamble;
3425- u8 max_rate_idx;
3426+ s8 max_rate_idx;
3427 u32 rate_idx_mask;
3428 u8 *rate_idx_mcs_mask;
3429 bool bss;
3430@@ -5143,7 +5143,7 @@
3431 void (*remove_sta_debugfs)(void *priv, void *priv_sta);
3432
3433 u32 (*get_expected_throughput)(void *priv_sta);
3434-};
3435+} __do_const;
3436
3437 static inline int rate_supported(struct ieee80211_sta *sta,
3438 enum ieee80211_band band,
3439diff -Naur backports-4.2.6-1.org/include/trace/events/fs.h backports-4.2.6-1/include/trace/events/fs.h
3440--- backports-4.2.6-1.org/include/trace/events/fs.h 1970-01-01 01:00:00.000000000 +0100
3441+++ backports-4.2.6-1/include/trace/events/fs.h 2016-01-27 12:26:31.226625722 +0100
3442@@ -0,0 +1,53 @@
3443+#undef TRACE_SYSTEM
3444+#define TRACE_SYSTEM fs
3445+
3446+#if !defined(_TRACE_FS_H) || defined(TRACE_HEADER_MULTI_READ)
3447+#define _TRACE_FS_H
3448+
3449+#include <linux/fs.h>
3450+#include <linux/tracepoint.h>
3451+
3452+TRACE_EVENT(do_sys_open,
3453+
3454+ TP_PROTO(const char *filename, int flags, int mode),
3455+
3456+ TP_ARGS(filename, flags, mode),
3457+
3458+ TP_STRUCT__entry(
3459+ __string( filename, filename )
3460+ __field( int, flags )
3461+ __field( int, mode )
3462+ ),
3463+
3464+ TP_fast_assign(
3465+ __assign_str(filename, filename);
3466+ __entry->flags = flags;
3467+ __entry->mode = mode;
3468+ ),
3469+
3470+ TP_printk("\"%s\" %x %o",
3471+ __get_str(filename), __entry->flags, __entry->mode)
3472+);
3473+
3474+TRACE_EVENT(open_exec,
3475+
3476+ TP_PROTO(const char *filename),
3477+
3478+ TP_ARGS(filename),
3479+
3480+ TP_STRUCT__entry(
3481+ __string( filename, filename )
3482+ ),
3483+
3484+ TP_fast_assign(
3485+ __assign_str(filename, filename);
3486+ ),
3487+
3488+ TP_printk("\"%s\"",
3489+ __get_str(filename))
3490+);
3491+
3492+#endif /* _TRACE_FS_H */
3493+
3494+/* This part must be outside protection */
3495+#include <trace/define_trace.h>
3496diff -Naur backports-4.2.6-1.org/net/bluetooth/hci_sock.c backports-4.2.6-1/net/bluetooth/hci_sock.c
3497--- backports-4.2.6-1.org/net/bluetooth/hci_sock.c 2015-11-15 22:19:40.000000000 +0100
3498+++ backports-4.2.6-1/net/bluetooth/hci_sock.c 2016-01-27 12:26:36.269958751 +0100
3499@@ -1266,7 +1266,7 @@
3500 uf.event_mask[1] = *((u32 *) f->event_mask + 1);
3501 }
3502
3503- len = min_t(unsigned int, len, sizeof(uf));
3504+ len = min((size_t)len, sizeof(uf));
3505 if (copy_from_user(&uf, optval, len)) {
3506 err = -EFAULT;
3507 break;
3508diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_core.c backports-4.2.6-1/net/bluetooth/l2cap_core.c
3509--- backports-4.2.6-1.org/net/bluetooth/l2cap_core.c 2015-11-15 22:19:40.000000000 +0100
3510+++ backports-4.2.6-1/net/bluetooth/l2cap_core.c 2016-01-27 12:26:36.269958751 +0100
3511@@ -3547,8 +3547,10 @@
3512 break;
3513
3514 case L2CAP_CONF_RFC:
3515- if (olen == sizeof(rfc))
3516- memcpy(&rfc, (void *)val, olen);
3517+ if (olen != sizeof(rfc))
3518+ break;
3519+
3520+ memcpy(&rfc, (void *)val, olen);
3521
3522 if (test_bit(CONF_STATE2_DEVICE, &chan->conf_state) &&
3523 rfc.mode != chan->mode)
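Review bot: A wrong-sized `L2CAP_CONF_RFC` option is now skipped silently at `if (olen != sizeof(rfc)) break;`, and nothing records why the length check has to come before any use of `rfc`. The old form guarded only the `memcpy`, so the `rfc.mode != chan->mode` test below it ran on whatever `rfc` already held when the peer sent an option of the wrong size. A one-line comment above the check, such as `/* wrong-sized option from the peer: do not act on a stale rfc */`, would keep the ordering from regressing. The other cases of this switch and the start of the function are outside the hunk, so whether they need the same length-first ordering cannot be confirmed from here.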
3524diff -Naur backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c backports-4.2.6-1/net/bluetooth/l2cap_sock.c
3525--- backports-4.2.6-1.org/net/bluetooth/l2cap_sock.c 2015-11-15 22:19:40.000000000 +0100
3526+++ backports-4.2.6-1/net/bluetooth/l2cap_sock.c 2016-01-27 12:26:36.269958751 +0100
3527@@ -633,7 +633,8 @@
3528 struct sock *sk = sock->sk;
3529 struct l2cap_chan *chan = l2cap_pi(sk)->chan;
3530 struct l2cap_options opts;
3531- int len, err = 0;
3532+ int err = 0;
3533+ size_t len = optlen;
3534 u32 opt;
3535
3536 BT_DBG("sk %p", sk);
23588859 3537@@ -660,7 +661,7 @@
3538 opts.max_tx = chan->max_tx;
3539 opts.txwin_size = chan->tx_win;
3540
3541- len = min_t(unsigned int, sizeof(opts), optlen);
3542+ len = min(sizeof(opts), len);
3543 if (copy_from_user((char *) &opts, optval, len)) {
3544 err = -EFAULT;
3545 break;
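Review bot: The bound on the user-supplied length is now split between the declaration `size_t len = optlen;` in the previous hunk and `len = min(sizeof(opts), len);` here, so the clamp in front of `copy_from_user()` is only correct while nothing in between reassigns `len`. Keeping the untrusted value at the use site, `len = min_t(size_t, sizeof(opts), optlen);`, gives the same result and keeps the check self-contained. The same applies to the `sec` and `pwr` cases in the later hunks of this file and to the `sec` case in `net/bluetooth/rfcomm/sock.c`. The function bodies start and end outside these hunks, so any other writes to `len` are not visible here.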
23588859 3546@@ -747,7 +748,8 @@
3547 struct bt_security sec;
3548 struct bt_power pwr;
3549 struct l2cap_conn *conn;
3550- int len, err = 0;
3551+ int err = 0;
3552+ size_t len = optlen;
3553 u32 opt;
3554
3555 BT_DBG("sk %p", sk);
23588859 3556@@ -771,7 +773,7 @@
3557
3558 sec.level = BT_SECURITY_LOW;
3559
3560- len = min_t(unsigned int, sizeof(sec), optlen);
3561+ len = min(sizeof(sec), len);
3562 if (copy_from_user((char *) &sec, optval, len)) {
3563 err = -EFAULT;
3564 break;
23588859 3565@@ -867,7 +869,7 @@
3566
3567 pwr.force_active = BT_POWER_FORCE_ACTIVE_ON;
3568
3569- len = min_t(unsigned int, sizeof(pwr), optlen);
3570+ len = min(sizeof(pwr), len);
3571 if (copy_from_user((char *) &pwr, optval, len)) {
3572 err = -EFAULT;
3573 break;
3574diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c backports-4.2.6-1/net/bluetooth/rfcomm/sock.c
3575--- backports-4.2.6-1.org/net/bluetooth/rfcomm/sock.c 2015-11-15 22:19:40.000000000 +0100
3576+++ backports-4.2.6-1/net/bluetooth/rfcomm/sock.c 2016-01-27 12:26:36.269958751 +0100
3577@@ -713,7 +713,7 @@
3578 struct sock *sk = sock->sk;
3579 struct bt_security sec;
3580 int err = 0;
3581- size_t len;
3582+ size_t len = optlen;
3583 u32 opt;
3584
3585 BT_DBG("sk %p", sk);
23588859 3586@@ -735,7 +735,7 @@
3587
3588 sec.level = BT_SECURITY_LOW;
3589
3590- len = min_t(unsigned int, sizeof(sec), optlen);
3591+ len = min(sizeof(sec), len);
3592 if (copy_from_user((char *) &sec, optval, len)) {
3593 err = -EFAULT;
3594 break;
3595diff -Naur backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c backports-4.2.6-1/net/bluetooth/rfcomm/tty.c
3596--- backports-4.2.6-1.org/net/bluetooth/rfcomm/tty.c 2015-11-15 22:19:40.000000000 +0100
3597+++ backports-4.2.6-1/net/bluetooth/rfcomm/tty.c 2016-01-27 12:26:36.269958751 +0100
3598@@ -752,7 +752,7 @@
3599 BT_DBG("tty %p id %d", tty, tty->index);
3600
3601 BT_DBG("dev %p dst %pMR channel %d opened %d", dev, &dev->dst,
3602- dev->channel, dev->port.count);
3603+ dev->channel, atomic_read(&dev->port.count));
3604
3605 err = tty_port_open(&dev->port, tty, filp);
3606 if (err)
3607@@ -775,7 +775,7 @@
3608 struct rfcomm_dev *dev = (struct rfcomm_dev *) tty->driver_data;
3609
3610 BT_DBG("tty %p dev %p dlc %p opened %d", tty, dev, dev->dlc,
3611- dev->port.count);
3612+ atomic_read(&dev->port.count));
3613
3614 tty_port_close(&dev->port, tty, filp);
3615 }
3616diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c backports-4.2.6-1/net/ieee802154/6lowpan/core.c
3617--- backports-4.2.6-1.org/net/ieee802154/6lowpan/core.c 2015-11-15 22:19:40.000000000 +0100
3618+++ backports-4.2.6-1/net/ieee802154/6lowpan/core.c 2016-01-27 12:26:36.273292083 +0100
3619@@ -191,7 +191,7 @@
3620 dev_put(real_dev);
3621 }
3622
3623-static struct rtnl_link_ops lowpan_link_ops __read_mostly = {
3624+static struct rtnl_link_ops lowpan_link_ops = {
3625 .kind = "lowpan",
3626 .priv_size = sizeof(struct lowpan_dev_info),
3627 .setup = lowpan_setup,
3628diff -Naur backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c
3629--- backports-4.2.6-1.org/net/ieee802154/6lowpan/reassembly.c 2015-11-15 22:19:40.000000000 +0100
3630+++ backports-4.2.6-1/net/ieee802154/6lowpan/reassembly.c 2016-01-27 12:26:36.273292083 +0100
3631@@ -435,14 +435,13 @@
3632
3633 static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
3634 {
3635- struct ctl_table *table;
3636+ ctl_table_no_const *table = NULL;
3637 struct ctl_table_header *hdr;
3638 struct netns_ieee802154_lowpan *ieee802154_lowpan =
3639 net_ieee802154_lowpan(net);
3640
3641- table = lowpan_frags_ns_ctl_table;
3642 if (!net_eq(net, &init_net)) {
3643- table = kmemdup(table, sizeof(lowpan_frags_ns_ctl_table),
3644+ table = kmemdup(lowpan_frags_ns_ctl_table, sizeof(lowpan_frags_ns_ctl_table),
3645 GFP_KERNEL);
3646 if (table == NULL)
3647 goto err_alloc;
3648@@ -457,9 +456,9 @@
3649 /* Don't export sysctls to unprivileged users */
3650 if (net->user_ns != &init_user_ns)
3651 table[0].procname = NULL;
3652- }
3653-
3654- hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table);
3655+ hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", table);
3656+ } else
3657+ hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", lowpan_frags_ns_ctl_table);
3658 if (hdr == NULL)
3659 goto err_reg;
3660
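Review bot: The new `} else` branch is left unbraced while the `if` branch keeps its braces, and the `if (hdr == NULL)` check that follows sits directly under it, which makes it easy to misread as part of the else. Bracing both arms is the usual kernel style: `} else {`, `hdr = register_net_sysctl(net, "net/ieee802154/6lowpan", lowpan_frags_ns_ctl_table);`, `}`. The unconditional `kfree(table)` in the next hunk depends on `table` staying NULL for `init_net`, so a short comment at `ctl_table_no_const *table = NULL;` saying that the initialiser is load-bearing would help the next reader.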
3661@@ -467,8 +466,7 @@
3662 return 0;
3663
3664 err_reg:
3665- if (!net_eq(net, &init_net))
3666- kfree(table);
3667+ kfree(table);
3668 err_alloc:
3669 return -ENOMEM;
3670 }
3671diff -Naur backports-4.2.6-1.org/net/mac80211/cfg.c backports-4.2.6-1/net/mac80211/cfg.c
3672--- backports-4.2.6-1.org/net/mac80211/cfg.c 2015-11-15 22:19:40.000000000 +0100
3673+++ backports-4.2.6-1/net/mac80211/cfg.c 2016-01-27 12:26:36.286625417 +0100
3674@@ -580,7 +580,7 @@
3675 ret = ieee80211_vif_use_channel(sdata, chandef,
3676 IEEE80211_CHANCTX_EXCLUSIVE);
3677 }
3678- } else if (local->open_count == local->monitors) {
3679+ } else if (local_read(&local->open_count) == local->monitors) {
3680 local->_oper_chandef = *chandef;
3681 ieee80211_hw_config(local, 0);
3682 }
23588859 3683@@ -3488,7 +3488,7 @@
3684 else
3685 local->probe_req_reg--;
3686
3687- if (!local->open_count)
3688+ if (!local_read(&local->open_count))
3689 break;
3690
3691 ieee80211_queue_work(&local->hw, &local->reconfig_filter);
23588859 3692@@ -3637,8 +3637,8 @@
3693 if (chanctx_conf) {
3694 *chandef = sdata->vif.bss_conf.chandef;
3695 ret = 0;
3696- } else if (local->open_count > 0 &&
3697- local->open_count == local->monitors &&
3698+ } else if (local_read(&local->open_count) > 0 &&
3699+ local_read(&local->open_count) == local->monitors &&
3700 sdata->vif.type == NL80211_IFTYPE_MONITOR) {
3701 if (local->use_chanctx)
3702 *chandef = local->monitor_chandef;
3703diff -Naur backports-4.2.6-1.org/net/mac80211/ieee80211_i.h backports-4.2.6-1/net/mac80211/ieee80211_i.h
3704--- backports-4.2.6-1.org/net/mac80211/ieee80211_i.h 2015-11-15 22:19:40.000000000 +0100
3705+++ backports-4.2.6-1/net/mac80211/ieee80211_i.h 2016-01-27 12:26:36.289958749 +0100
3706@@ -30,6 +30,7 @@
3707 #include <net/ieee80211_radiotap.h>
3708 #include <net/cfg80211.h>
3709 #include <net/mac80211.h>
3710+#include <asm/local.h>
3711 #include "key.h"
3712 #include "sta_info.h"
3713 #include "debug.h"
23588859 3714@@ -1112,7 +1113,7 @@
3715 /* also used to protect ampdu_ac_queue and amdpu_ac_stop_refcnt */
3716 spinlock_t queue_stop_reason_lock;
3717
3718- int open_count;
3719+ local_t open_count;
3720 int monitors, cooked_mntrs;
3721 /* number of interfaces with corresponding FIF_ flags */
3722 int fif_fcsfail, fif_plcpfail, fif_control, fif_other_bss, fif_pspoll,
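Review bot: `open_count` becomes a `local_t` with no comment on what serialises it. `local_inc()` and `local_dec()` are only guaranteed atomic against the CPU they run on, so the counter still depends on whatever lock protected the plain `int` (presumably RTNL, which is not visible in this hunk). A field comment such as `/* writers hold <lock>; local_t is not a cross-CPU atomic */`, with the real lock name filled in, would state that. The patch does not say why `local_t` was chosen, and that should be confirmed. The `cfg.c` hunk at -3637 also calls `local_read(&local->open_count)` twice in one condition, where reading it once into a local variable would be clearer.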
3723diff -Naur backports-4.2.6-1.org/net/mac80211/iface.c backports-4.2.6-1/net/mac80211/iface.c
3724--- backports-4.2.6-1.org/net/mac80211/iface.c 2015-11-15 22:19:40.000000000 +0100
3725+++ backports-4.2.6-1/net/mac80211/iface.c 2016-01-27 12:26:36.289958749 +0100
3726@@ -550,7 +550,7 @@
3727 break;
3728 }
3729
3730- if (local->open_count == 0) {
3731+ if (local_read(&local->open_count) == 0) {
3732 res = drv_start(local);
3733 if (res)
3734 goto err_del_bss;
23588859 3735@@ -597,7 +597,7 @@
3736 res = drv_add_interface(local, sdata);
3737 if (res)
3738 goto err_stop;
3739- } else if (local->monitors == 0 && local->open_count == 0) {
3740+ } else if (local->monitors == 0 && local_read(&local->open_count) == 0) {
3741 res = ieee80211_add_virtual_monitor(local);
3742 if (res)
3743 goto err_stop;
3744@@ -704,7 +704,7 @@
3745 atomic_inc(&local->iff_allmultis);
3746
3747 if (coming_up)
3748- local->open_count++;
3749+ local_inc(&local->open_count);
3750
3751 if (hw_reconf_flags)
3752 ieee80211_hw_config(local, hw_reconf_flags);
23588859 3753@@ -742,7 +742,7 @@
3754 err_del_interface:
3755 drv_remove_interface(local, sdata);
3756 err_stop:
3757- if (!local->open_count)
3758+ if (!local_read(&local->open_count))
3759 drv_stop(local);
3760 err_del_bss:
3761 sdata->bss = NULL;
23588859 3762@@ -909,7 +909,7 @@
3763 }
3764
3765 if (going_down)
3766- local->open_count--;
3767+ local_dec(&local->open_count);
3768
3769 switch (sdata->vif.type) {
3770 case NL80211_IFTYPE_AP_VLAN:
3771@@ -978,7 +978,7 @@
3772 atomic_set(&sdata->txqs_len[txqi->txq.ac], 0);
91e56a59 3773 }
3774
3775- if (local->open_count == 0)
3776+ if (local_read(&local->open_count) == 0)
3777 ieee80211_clear_tx_pending(local);
3778
3779 /*
23588859 3780@@ -1021,7 +1021,7 @@
3781 if (cancel_scan)
3782 flush_delayed_work(&local->scan_work);
3783
3784- if (local->open_count == 0) {
3785+ if (local_read(&local->open_count) == 0) {
3786 ieee80211_stop_device(local);
3787
3788 /* no reconfiguring after stop! */
23588859 3789@@ -1032,7 +1032,7 @@
3790 ieee80211_configure_filter(local);
3791 ieee80211_hw_config(local, hw_reconf_flags);
3792
3793- if (local->monitors == local->open_count)
3794+ if (local->monitors == local_read(&local->open_count))
3795 ieee80211_add_virtual_monitor(local);
3796 }
3797
3798@@ -1905,8 +1905,8 @@
3799 */
3800 cfg80211_shutdown_all_interfaces(local->hw.wiphy);
3801
3802- WARN(local->open_count, "%s: open count remains %d\n",
3803- wiphy_name(local->hw.wiphy), local->open_count);
3804+ WARN(local_read(&local->open_count), "%s: open count remains %ld\n",
3805+ wiphy_name(local->hw.wiphy), local_read(&local->open_count));
3806
3807 mutex_lock(&local->iflist_mtx);
3808 list_for_each_entry_safe(sdata, tmp, &local->interfaces, list) {
3809diff -Naur backports-4.2.6-1.org/net/mac80211/main.c backports-4.2.6-1/net/mac80211/main.c
3810--- backports-4.2.6-1.org/net/mac80211/main.c 2015-11-15 22:19:40.000000000 +0100
3811+++ backports-4.2.6-1/net/mac80211/main.c 2016-01-27 12:26:36.289958749 +0100
3812@@ -172,7 +172,7 @@
3813 changed &= ~(IEEE80211_CONF_CHANGE_CHANNEL |
3814 IEEE80211_CONF_CHANGE_POWER);
3815
3816- if (changed && local->open_count) {
3817+ if (changed && local_read(&local->open_count)) {
3818 ret = drv_config(local, changed);
3819 /*
3820 * Goal:
3821diff -Naur backports-4.2.6-1.org/net/mac80211/pm.c backports-4.2.6-1/net/mac80211/pm.c
3822--- backports-4.2.6-1.org/net/mac80211/pm.c 2015-11-15 22:19:40.000000000 +0100
3823+++ backports-4.2.6-1/net/mac80211/pm.c 2016-01-27 12:26:36.289958749 +0100
3824@@ -12,7 +12,7 @@
3825 struct ieee80211_sub_if_data *sdata;
3826 struct sta_info *sta;
3827
3828- if (!local->open_count)
3829+ if (!local_read(&local->open_count))
3830 goto suspend;
3831
3832 ieee80211_scan_cancel(local);
23588859 3833@@ -166,7 +166,7 @@
3834 WARN_ON(!list_empty(&local->chanctx_list));
3835
3836 /* stop hardware - this must stop RX */
3837- if (local->open_count)
3838+ if (local_read(&local->open_count))
3839 ieee80211_stop_device(local);
3840
3841 suspend:
3842diff -Naur backports-4.2.6-1.org/net/mac80211/rate.c backports-4.2.6-1/net/mac80211/rate.c
3843--- backports-4.2.6-1.org/net/mac80211/rate.c 2015-11-15 22:19:40.000000000 +0100
3844+++ backports-4.2.6-1/net/mac80211/rate.c 2016-01-27 12:26:36.289958749 +0100
3845@@ -730,7 +730,7 @@
3846
3847 ASSERT_RTNL();
3848
3849- if (local->open_count)
3850+ if (local_read(&local->open_count))
3851 return -EBUSY;
3852
3853 if (ieee80211_hw_check(&local->hw, HAS_RATE_CONTROL)) {
3854diff -Naur backports-4.2.6-1.org/net/mac80211/sta_info.c backports-4.2.6-1/net/mac80211/sta_info.c
3855--- backports-4.2.6-1.org/net/mac80211/sta_info.c 2015-11-15 22:19:40.000000000 +0100
3856+++ backports-4.2.6-1/net/mac80211/sta_info.c 2016-01-27 12:26:36.289958749 +0100
3857@@ -341,7 +341,7 @@
3858 int size = sizeof(struct txq_info) +
3859 ALIGN(hw->txq_data_size, sizeof(void *));
3860
3861- txq_data = kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp);
3862+ txq_data = kcalloc(size, ARRAY_SIZE(sta->sta.txq), gfp);
3863 if (!txq_data)
3864 goto free;
3865
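Review bot: The arguments to `kcalloc()` are swapped, so the element size `size` is passed as the count and `ARRAY_SIZE(sta->sta.txq)` as the element size, against the documented `kcalloc(n, size, flags)` order. The product and the overflow check are the same either way, so the new line reads as a mistake unless it is explained. If the swap is deliberate (the patch does not say), add a comment such as `/* argument order swapped on purpose: <reason> */`; otherwise keep `kcalloc(ARRAY_SIZE(sta->sta.txq), size, gfp)`. `size` is also a plain `int` built from `hw->txq_data_size`, where `size_t` would be the safer type, though that line is only context here.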
3866diff -Naur backports-4.2.6-1.org/net/mac80211/util.c backports-4.2.6-1/net/mac80211/util.c
3867--- backports-4.2.6-1.org/net/mac80211/util.c 2015-11-15 22:19:40.000000000 +0100
3868+++ backports-4.2.6-1/net/mac80211/util.c 2016-01-27 12:26:36.289958749 +0100
3869@@ -1761,7 +1761,7 @@
3870 bool sched_scan_stopped = false;
3871
3872 /* nothing to do if HW shouldn't run */
3873- if (!local->open_count)
3874+ if (!local_read(&local->open_count))
3875 goto wake_up;
3876
3877 #ifdef CONFIG_PM
3878@@ -2033,7 +2033,7 @@
3879 local->in_reconfig = false;
3880 barrier();
3881
3882- if (local->monitors == local->open_count && local->monitors > 0)
3883+ if (local->monitors == local_read(&local->open_count) && local->monitors > 0)
3884 ieee80211_add_virtual_monitor(local);
3885
3886 /*
3887@@ -2088,7 +2088,7 @@
3888 * If this is for hw restart things are still running.
3889 * We may want to change that later, however.
3890 */
3891- if (local->open_count && (!local->suspended || reconfig_due_to_wowlan))
3892+ if (local_read(&local->open_count) && (!local->suspended || reconfig_due_to_wowlan))
3893 drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_RESTART);
3894
3895 if (!local->suspended)
3896@@ -2112,7 +2112,7 @@
3897 flush_delayed_work(&local->scan_work);
3898 }
3899
3900- if (local->open_count && !reconfig_due_to_wowlan)
3901+ if (local_read(&local->open_count) && !reconfig_due_to_wowlan)
3902 drv_reconfig_complete(local, IEEE80211_RECONFIG_TYPE_SUSPEND);
3903
3904 list_for_each_entry(sdata, &local->interfaces, list) {
3905diff -Naur backports-4.2.6-1.org/net/wireless/wext-core.c backports-4.2.6-1/net/wireless/wext-core.c
3906--- backports-4.2.6-1.org/net/wireless/wext-core.c 2015-11-15 22:19:40.000000000 +0100
3907+++ backports-4.2.6-1/net/wireless/wext-core.c 2016-01-27 12:26:36.303292082 +0100
3908@@ -748,8 +748,7 @@
3909 */
3910
3911 /* Support for very large requests */
3912- if ((descr->flags & IW_DESCR_FLAG_NOMAX) &&
3913- (user_length > descr->max_tokens)) {
3914+ if (user_length > descr->max_tokens) {
3915 /* Allow userspace to GET more than max so
3916 * we can support any size GET requests.
3917 * There is still a limit : -ENOMEM.
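Review bot: With the `IW_DESCR_FLAG_NOMAX` test dropped, `if (user_length > descr->max_tokens)` applies to every descriptor, yet the comment above it still reads "Support for very large requests" and no longer describes the condition. The next hunk also removes the block that forced `iwp->length = descr->max_tokens` for non-NOMAX GETs, so handlers now see the caller's `iwp->length` unchanged. The copy back to userspace is then only as safe as the `extra` allocation being zeroed and each handler bounding its writes by `iwp->length`; neither is visible in these hunks, and the enclosing function starts and ends outside them. A comment at the condition, e.g. `/* all requests: handlers must not write past iwp->length */`, would state the new contract.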
3918@@ -788,22 +787,6 @@
3919 }
3920 }
3921
3922- if (IW_IS_GET(cmd) && !(descr->flags & IW_DESCR_FLAG_NOMAX)) {
3923- /*
3924- * If this is a GET, but not NOMAX, it means that the extra
3925- * data is not bounded by userspace, but by max_tokens. Thus
3926- * set the length to max_tokens. This matches the extra data
3927- * allocation.
3928- * The driver should fill it with the number of tokens it
3929- * provided, and it may check iwp->length rather than having
3930- * knowledge of max_tokens. If the driver doesn't change the
3931- * iwp->length, this ioctl just copies back max_token tokens
3932- * filled with zeroes. Hopefully the driver isn't claiming
3933- * them to be valid data.
3934- */
3935- iwp->length = descr->max_tokens;
3936- }
3937-
3938 err = handler(dev, info, (union iwreq_data *) iwp, extra);
3939
3940 iwp->length += essid_compat;
3941diff -Naur backports-4.2.6-1.org/scripts/gcc-plugin.sh backports-4.2.6-1/scripts/gcc-plugin.sh
3942--- backports-4.2.6-1.org/scripts/gcc-plugin.sh 1970-01-01 01:00:00.000000000 +0100
3943+++ backports-4.2.6-1/scripts/gcc-plugin.sh 2016-01-27 12:26:36.303292082 +0100
3944@@ -0,0 +1,51 @@
3945+#!/bin/sh
3946+srctree=$(dirname "$0")
3947+gccplugins_dir=$($3 -print-file-name=plugin)
3948+plugincc=$($1 -E -x c++ - -o /dev/null -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
3949+#include "gcc-common.h"
3950+#if BUILDING_GCC_VERSION >= 4008 || defined(ENABLE_BUILD_WITH_CXX)
3951+#warning $2 CXX
3952+#else
3953+#warning $1 CC
3954+#endif
3955+EOF
3956+)
3957+
3958+if [ $? -ne 0 ]
3959+then
3960+ exit 1
3961+fi
3962+
3963+case "$plugincc" in
3964+ *"$1 CC"*)
3965+ echo "$1"
3966+ exit 0
3967+ ;;
3968+
3969+ *"$2 CXX"*)
3970+ # the c++ compiler needs another test, see below
3971+ ;;
3972+
3973+ *)
3974+ exit 1
3975+ ;;
3976+esac
3977+
3978+# we need a c++ compiler that supports the designated initializer GNU extension
3979+plugincc=$($2 -c -x c++ -std=gnu++98 - -fsyntax-only -I"${srctree}"/../tools/gcc -I"${gccplugins_dir}"/include 2>&1 <<EOF
3980+#include "gcc-common.h"
3981+class test {
3982+public:
3983+ int test;
3984+} test = {
3985+ .test = 1
3986+};
3987+EOF
3988+)
3989+
3990+if [ $? -eq 0 ]
3991+then
3992+ echo "$2"
3993+ exit 0
3994+fi
3995+exit 1
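Review bot: The script uses `$1`, `$2` and `$3` without checking that all three were passed. With `$3` missing, `gccplugins_dir` comes back empty and the include path degrades to `-I"/include"`. A guard right after the shebang, `[ "$#" -eq 3 ] || exit 1`, would fail early instead. A header comment naming the three arguments (the C compiler, the C++ compiler, and the compiler queried with `-print-file-name=plugin`) would also help, since nothing in the file documents them.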